EPSS
Percentile
89.8%
c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.
bugzilla.redhat.com/show_bug.cgi?id=1709860
nvd.nist.gov/vuln/detail/CVE-2019-5427
www.cve.org/CVERecord?id=CVE-2019-5427