CVE-2019-5427

2019-04-22T21:29:00
ID CVE-2019-5427
Type cve
Reporter cve@mitre.org
Modified 2020-07-15T03:15:00

Description

c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.