CVE-2019-5427

High

c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against…

hackerone·CWE-776·Published 2019-04-22

CVSS

7.5

EPSS

0.05

KEV

Exploits

cve.orgen

187 chars

c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.

NVDen

187 chars

c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.

OSV.deven

187 chars

c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.

GHSAen

187 chars

c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.

NVDes

236 chars

En c3p0 versiones <0.9.5.4, puede ser explotada por un ataque de tipo a billion laughs al cargar la configuración XML producto de la falta de protecciones faltantes contra la expansión recursiva de la entidad al cargar la configuración.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H