c3p0:c3p0@0.8.5.2 vulnerabilities

latest version

0.9.1.2
first published

18 years ago
latest version published

15 years ago
licenses detected
- LGPL-3.0
  [0,)
package manager

View on Maven Repository

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the c3p0:c3p0 package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
C XML External Entity (XXE) Injection c3p0:c3p0 is a lIbrary for augmenting traditional (DriverManager-based) JDBC drivers with JNDI-bindable DataSources, including DataSources that implement Connection and Statement Pooling, as described by the jdbc3 spec and jdbc2 std extension. Note: This library is no longer maintained and has migrated to the artifact "com.mchange:c3p0" Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. via the `extractXmlConfigFromInputStream` in `com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java` during initialization. How to fix XML External Entity (XXE) Injection? There is no fixed version for `c3p0:c3p0`.	[0,)
H Denial of Service (DoS) c3p0:c3p0 is a lIbrary for augmenting traditional (DriverManager-based) JDBC drivers with JNDI-bindable DataSources, including DataSources that implement Connection and Statement Pooling, as described by the jdbc3 spec and jdbc2 std extension. Note: This library is no longer maintained and has migrated to the artifact "com.mchange:c3p0" Affected versions of this package are vulnerable to Denial of Service (DoS) due to missing protections against recursive entity expansion when loading XML configurations. How to fix Denial of Service (DoS)? There is no fixed version for `c3p0:c3p0`.	[0,)

XML External Entity (XXE) Injection

c3p0:c3p0 is a lIbrary for augmenting traditional (DriverManager-based) JDBC drivers with JNDI-bindable DataSources, including DataSources that implement Connection and Statement Pooling, as described by the jdbc3 spec and jdbc2 std extension. Note: This library is no longer maintained and has migrated to the artifact "com.mchange:c3p0"

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. via the extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization.

How to fix XML External Entity (XXE) Injection?

There is no fixed version for c3p0:c3p0.

[0,)

Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) due to missing protections against recursive entity expansion when loading XML configurations.

How to fix Denial of Service (DoS)?

There is no fixed version for c3p0:c3p0.

[0,)

Go back to all versions of this package

c3p0:c3p0@0.8.5.2 vulnerabilities

latest version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities