5 matches found
SUSE CVE-2026-27830
c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...
CVE-2026-27830
A flaw was found in c3p0, a Java Database Connectivity JDBC Connection pooling library. This vulnerability allows an attacker to achieve arbitrary code execution by providing maliciously crafted Java-serialized objects or javax.naming.Reference instances. By manipulating the userOverridesAsString...
CVE-2026-27830 c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property
c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...
CVE-2026-27830 c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property
c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...
CVE-2026-27830
CVE-2026-27830 affects the c3p0 JDBC connection pool. Before 0.12.0, the property userOverridesAsString was stored as a hex-encoded serialized object, enabling an attacker to reset it and trigger deserialization that could load code from a remote factoryClassLocation via embedded JNDI references....