EPSS
Percentile
89.8%
c3p0 is vulnerable to XML external entity (XXE) attacks. The external entity expansion is not disabled in the XML parser, which would allow a remote attacker to perform XXE attacks via a crafted XML document. This CVE is also known as CVE-2019-5427.
github.com/zhutougg/c3p0/commit/2eb0ea97f745740b18dd45e4a909112d4685f87b