c3p0 versions before 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration, due to missing protections against recursive entity expansion.
| Vulnerable Product |
|---|
| mchange c3p0 |
| fedoraproject fedora 29 |
| fedoraproject fedora 30 |
| oracle retail xstore point of service 15.0 |
| oracle flexcube private banking 12.1.0 |
| oracle flexcube private banking 12.0.0 |
| oracle webcenter sites 12.2.1.3.0 |
| oracle retail xstore point of service 16.0 |
| oracle webcenter sites 12.2.1.4.0 |
| oracle retail xstore point of service 17.0 |
| oracle retail xstore point of service 18.0 |
| oracle retail xstore point of service 19.0 |
| oracle communications ip service activator 7.4.0 |
| oracle communications ip service activator 7.3.0 |
| oracle hyperion infrastructure technology 11.1.2.4 |
| oracle enterprise manager ops center 12.4.0.0 |
| oracle communications session route manager |
| oracle enterprise manager base platform 13.2.1.0 |
| oracle documaker |