XXE vulnerability in c3p0 0.9.5.2 during initialization
CVE-2018-20433 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization.
Learn more about our Web Application Penetration Testing UK.