Lucene search
K

12 matches found

RedhatCVE
RedhatCVE
added 2026/07/03 2:36 p.m.7 views

CVE-2026-55223

A flaw was found in c3p0, a JDBC Connection pooling library. This vulnerability allows a remote attacker to potentially execute arbitrary code by crafting a malicious data source object. When an application deserializes this object and automatically resolves its properties, it can trigger...

7.5CVSS6.3AI score0.00284EPSS
Exploits0References5
OSV
OSV
added 2026/06/30 11:17 p.m.4 views

DEBIAN-CVE-2026-55223

c3p0 is a JDBC Connection pooling library. In versions prior to 0.14.0, c3p0 in combination with other libraries, can compose to a "sink" for deserialization gadgets. The JDBC spec's DataSource.getConnection and ConnectionPoolDataSource.getPooledConnection match the getXXX form, so JavaBean...

6.3CVSS5.7AI score0.00284EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/16 5:2 p.m.7 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Control of Generation of Code ('Code Injection') (CVE-2026-27830)

Summary There are vulnerabilities in c3p0-0.9.5.4.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-27830. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-27830 DESCRIPTION: c3p0, a JDBC Connection pooling library, is vulnerable to attack via...

8.9CVSS6.1AI score0.00534EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2026/04/14 4:29 a.m.23 views

RCE (Remote Code Execution) at c3p0 dependency in Crucible Server

This High severity RCE Remote Code Execution vulnerability was introduced in version 4.9.0 of Crucible Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.9 and a CVSS Vector of code:java CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H code allows an...

8.9CVSS6.3AI score0.00534EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/02/27 12:24 a.m.16 views

SUSE CVE-2026-27830

c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...

8CVSS6AI score0.00534EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/26 6:55 p.m.9 views

CVE-2026-27830

A flaw was found in c3p0, a Java Database Connectivity JDBC Connection pooling library. This vulnerability allows an attacker to achieve arbitrary code execution by providing maliciously crafted Java-serialized objects or javax.naming.Reference instances. By manipulating the userOverridesAsString...

8.9CVSS6.5AI score0.00534EPSS
Exploits0References8
OSV
OSV
added 2026/02/26 1:16 a.m.7 views

DEBIAN-CVE-2026-27830

c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...

8.9CVSS8.1AI score0.00534EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/26 12:45 a.m.5 views

CVE-2026-27830

c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...

8.9CVSS6.2AI score0.00534EPSS
Exploits0References6Affected Software1
Fedora
Fedora
added 2019/05/29 2:59 a.m.55 views

[SECURITY] Fedora 29 Update: c3p0-0.9.5.4-1.fc29

c3p0 is an easy-to-use library for augmenting traditional JDBC drivers with JNDI-bindable DataSources, including DataSources that implement Connection and Statement Pooling, as described by the jdbc3 spec and jdbc2 standard extension...

9.8CVSS2.4AI score0.04882EPSS
Exploits1
Fedora
Fedora
added 2019/05/29 12:50 a.m.50 views

[SECURITY] Fedora 30 Update: c3p0-0.9.5.4-1.fc30

c3p0 is an easy-to-use library for augmenting traditional JDBC drivers with JNDI-bindable DataSources, including DataSources that implement Connection and Statement Pooling, as described by the jdbc3 spec and jdbc2 standard extension...

9.8CVSS2.4AI score0.04882EPSS
Exploits1
OSV
OSV
added 2019/04/23 4:3 p.m.11 views

GHSA-84P2-VF58-XHXV Billion laughs attack in c3p0

c3p0 version 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration...

7.5CVSS7.1AI score0.04882EPSS
Exploits1References9
OSV
OSV
added 2019/01/07 7:14 p.m.2 views

GHSA-Q485-J897-QC27 XML External Entity Reference in mchange:c3p0

c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization...

9.8CVSS5.8AI score0.04589EPSS
Exploits0References7
Rows per page
Query Builder