XXE vulnerability in c3p0 0.9.5.2 during initialization


CVE-2018-20433 · HIGH Severity

AV:N/AC:L/Au:N/C:P/I:P/A:P

c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization.
