c3p0:c3p0@0.8.5.2 vulnerabilities

  • latest version

    0.9.1.2

  • first published

    20 years ago

  • latest version published

    17 years ago

  • Direct Vulnerabilities

    Known vulnerabilities in the c3p0:c3p0 package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • C
    XML External Entity (XXE) Injection

    c3p0:c3p0 is a library for augmenting traditional (DriverManager-based) JDBC drivers with JNDI-bindable DataSources, including DataSources that implement Connection and Statement Pooling, as described by the jdbc3 spec and jdbc2 std extension. Note: This library is no longer maintained and has migrated to the artifact "com.mchange:c3p0".

    Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization.

    How to fix XML External Entity (XXE) Injection?

    There is no fixed version for c3p0:c3p0.

    [0,)
    • H
    Denial of Service (DoS)

    Affected versions of this package are vulnerable to Denial of Service (DoS) due to missing protections against recursive entity expansion when loading XML configurations.

    How to fix Denial of Service (DoS)?

    There is no fixed version for c3p0:c3p0.

    [0,)