Lucene search
GitHub Advisory DatabaseGHSA-84P2-VF58-XHXVHistoryApr 23, 2019 - 4:03 p.m.
Billion laughs attack in c3p0
2019-04-2316:03:18
CWE-776
GitHub Advisory Database
github.com
56
0.025 Low
EPSS
Percentile
90.0%
c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.
| CPE | Name | Operator | Version |
|---|---|---|---|
| com.mchange:c3p0 | le | 0.9.5.3 |
References
github.com/advisories/GHSA-84p2-vf58-xhxv
hackerone.com/reports/509315
lists.fedoraproject.org/archives/list/[email protected]/message/BFIVX6HOVNLAM7W3SUAMHYRNLCVQSAWR/
lists.fedoraproject.org/archives/list/[email protected]/message/MQ47OFV57Y2DAHMGA5H3JOL4WHRWRFN4/
nvd.nist.gov/vuln/detail/CVE-2019-5427
www.oracle.com/security-alerts/cpuapr2020.html
www.oracle.com/security-alerts/cpujan2021.html
www.oracle.com/security-alerts/cpujul2020.html
www.oracle.com/security-alerts/cpuoct2020.html
www.oracle.com/security-alerts/cpuoct2021.html
Related
veracode
veracode
XML Entity Expansion (XEE)
2019-07-08 15:36:42
XML External Entity (XXE)
2018-12-26 01:56:50
osv
osv
c3p0 vulnerability
2022-02-22 10:19:21
CVE-2019-5427
2019-04-22 21:29:00
c3p0 vulnerability
2022-02-21 15:55:18
debiancve
debiancve
CVE-2019-5427
2019-04-22 21:29:00
ubuntu
ubuntu
c3p0 vulnerability
2022-02-22 00:00:00
c3p0 vulnerability
2022-02-21 00:00:00
nessus
nessus
Ubuntu 18.04 LTS / 20.04 LTS : c3p0 vulnerability (USN-5293-1)
2022-02-22 00:00:00
Ubuntu 16.04 ESM : c3p0 vulnerability (USN-5293-2)
2023-10-20 00:00:00
Fedora 30 : c3p0 (2019-cb14e234fc)
2019-05-29 00:00:00
ubuntucve
ubuntucve
CVE-2019-5427
2019-04-22 00:00:00
prion
prion
Design/Logic Flaw
2019-04-22 21:29:00
cve
cve
CVE-2019-5427
2019-04-22 21:29:00
redhatcve
redhatcve
CVE-2019-5427
2019-05-14 12:50:17
openvas
openvas
Ubuntu: Security Advisory (USN-5293-1)
2022-02-23 00:00:00
Ubuntu: Security Advisory (USN-5293-2)
2023-01-27 00:00:00
Mageia: Security Advisory (MGASA-2020-0051)
2022-01-28 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: c3p0-0.9.5.4-1.fc30
2019-05-29 00:50:47
[SECURITY] Fedora 29 Update: c3p0-0.9.5.4-1.fc29
2019-05-29 02:59:54
hackerone
hackerone
githubexploit
githubexploit
mageia
mageia
Updated c3p0 packages fix security vulnerabilities
2020-01-28 10:52:40
redhat
redhat
(RHSA-2020:0983) Important: Red Hat Fuse 7.6.0 security update
2020-03-26 15:40:22
ibm
ibm
Security Bulletin: Multiple Vulnerabilities identified in IBM StoredIQ
2020-02-20 12:42:12
oracle
oracle
Oracle Critical Patch Update Advisory - January 2021
2021-01-19 00:00:00
Oracle Critical Patch Update Advisory - October 2021
2021-10-19 00:00:00
Oracle Critical Patch Update Advisory - July 2020
2020-07-14 00:00:00