EPSS
Percentile
78.4%
c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization.
bugzilla.redhat.com/show_bug.cgi?id=1664729
www.cve.org/CVERecord?id=CVE-2018-20433 https://nvd.nist.gov/vuln/detail/CVE-2018-20433