mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-07 03:02:30 +00:00
1.1 KiB
1.1 KiB
CVE-2019-5427
&color=brighgreen)
Description
c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.
POC
Reference
- https://hackerone.com/reports/509315
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/security-alerts/cpuoct2021.html