c3p0:c3p0@0.8.5.2 vulnerabilities

latest version

0.9.1.2

first published

20 years ago

latest version published

17 years ago

licenses detected

LGPL-3.0
[0,)

package registry

View on Maven Central Repository

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the c3p0:c3p0 package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
C XML External Entity (XXE) Injection c3p0:c3p0 is a lIbrary for augmenting traditional (DriverManager-based) JDBC drivers with JNDI-bindable DataSources, including DataSources that implement Connection and Statement Pooling, as described by the jdbc3 spec and jdbc2 std extension. Note: This library is no longer maintained and has migrated to the artifact "com.mchange:c3p0" Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. via the `extractXmlConfigFromInputStream` in `com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java` during initialization. How to fix XML External Entity (XXE) Injection? There is no fixed version for `c3p0:c3p0`.	[0,)
H Denial of Service (DoS) c3p0:c3p0 is a lIbrary for augmenting traditional (DriverManager-based) JDBC drivers with JNDI-bindable DataSources, including DataSources that implement Connection and Statement Pooling, as described by the jdbc3 spec and jdbc2 std extension. Note: This library is no longer maintained and has migrated to the artifact "com.mchange:c3p0" Affected versions of this package are vulnerable to Denial of Service (DoS) due to missing protections against recursive entity expansion when loading XML configurations. How to fix Denial of Service (DoS)? There is no fixed version for `c3p0:c3p0`.	[0,)

XML External Entity (XXE) Injection

c3p0:c3p0 is a lIbrary for augmenting traditional (DriverManager-based) JDBC drivers with JNDI-bindable DataSources, including DataSources that implement Connection and Statement Pooling, as described by the jdbc3 spec and jdbc2 std extension. Note: This library is no longer maintained and has migrated to the artifact "com.mchange:c3p0"

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. via the extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization.

How to fix XML External Entity (XXE) Injection?

There is no fixed version for c3p0:c3p0.

[0,)

Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) due to missing protections against recursive entity expansion when loading XML configurations.

How to fix Denial of Service (DoS)?

There is no fixed version for c3p0:c3p0.

[0,)

Go back to all versions of this package