CVE-2019-5427

2019-04-22T21:29:00
ID CVE-2019-5427
Type cve
Reporter cve-assignments@hackerone.com
Modified 2021-10-20T11:15:00

Description

c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.