CVE-2019-5427

Summary

c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.

Affected Software

VendorProductVersion RangeStatus
n/ac3p0before 0.9.5.4affected

Weaknesses

  • CWE-776: XML Entity Expansion (CWE-776)

ADP Enrichment

CVE Program Container

Additional References

References