CVE-2019-5427

Publication date

2019-04-22 20:52:56

Family

hackerone

State

PUBLISHED

Description

c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.