Mchange: >> C3p0 >> 0.8.4.5 Security Vulnerabilities
c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.
CVSS Score
7.5
EPSS Score
0.026
Published
2019-04-22