{
  "url": "http://public2.vulnerablecode.io/api/packages/970241?format=json",
  "purl": "pkg:maven/com.mchange/c3p0@0.10.0",
  "type": "maven",
  "namespace": "com.mchange",
  "name": "c3p0",
  "version": "0.10.0",
  "qualifiers": {},
  "subpath": "",
  "is_vulnerable": true,
  "next_non_vulnerable_version": "0.12.0",
  "latest_non_vulnerable_version": "0.12.0",
  "affected_by_vulnerabilities": [
    {
      "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50401?format=json",
      "vulnerability_id": "VCID-34j5-gmja-tbae",
      "summary": "c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property\nc3p0 is vulnerable to attack via maliciously crafted Java-serialized objects and `javax.naming.Reference` instances. Several c3p0 `ConnectionPoolDataSource` implementations have a property called `userOverridesAsString` which conceptually represents a `Map<String,Map<String,String>>`. Prior to v0.12.0, that property was maintained as a hex-encoded serialized object. Any attacker able to reset this property, on an existing `ConnectionPoolDataSource` or via maliciously crafted serialized objects or `javax.naming.Reference` instances, could tailor it to execute unexpected code on the application's `CLASSPATH`.\n\nThe danger of this vulnerability was strongly magnified by vulnerabilities in c3p0's main dependency, mchange-commons-java. This library includes code that mirrors early implementations of JNDI functionality, including ungated support for remote `factoryClassLocation` values. Attackers could set c3p0's `userOverridesAsString` to hex-encoded serialized objects that include objects \"indirectly serialized\" via JNDI references. Deserialization of those objects and dereferencing of the embedded `javax.naming.Reference` objects could provoke download and execution of malicious code from a remote `factoryClassLocation`.\n\nAlthough the hazard presented by c3p0's vulnerabilities is exacerbated by vulnerabilities in mchange-commons-java, use of Java-serialized-object hex as the format for a writable Java-Bean property, of objects that may be exposed across JNDI interfaces, represents a serious independent fragility.",
      "references": [
        {
          "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27830.json",
          "reference_id": "",
          "reference_type": "",
          "scores": [
            {
              "value": "8.0",
              "scoring_system": "cvssv3",
              "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
            }
          ],
          "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27830.json"
        },
        {
          "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27830",
          "reference_id": "",
          "reference_type": "",
          "scores": [
            {
              "value": "0.00313",
              "scoring_system": "epss",
              "scoring_elements": "0.54811",
              "published_at": "2026-06-09T12:55:00Z"
            },
            {
              "value": "0.00313",
              "scoring_system": "epss",
              "scoring_elements": "0.54807",
              "published_at": "2026-06-05T12:55:00Z"
            },
            {
              "value": "0.00313",
              "scoring_system": "epss",
              "scoring_elements": "0.54817",
              "published_at": "2026-06-06T12:55:00Z"
            },
            {
              "value": "0.00313",
              "scoring_system": "epss",
              "scoring_elements": "0.5481",
              "published_at": "2026-06-07T12:55:00Z"
            },
            {
              "value": "0.00313",
              "scoring_system": "epss",
              "scoring_elements": "0.54791",
              "published_at": "2026-06-08T12:55:00Z"
            }
          ],
          "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27830"
        },
        {
          "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27830",
          "reference_id": "",
          "reference_type": "",
          "scores": [],
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27830"
        },
        {
          "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml",
          "reference_id": "",
          "reference_type": "",
          "scores": [
            {
              "value": "8",
              "scoring_system": "cvssv3.1",
              "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"
            }
          ],
          "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"
        },
        {
          "reference_url": "https://github.com/swaldman/c3p0",
          "reference_id": "",
          "reference_type": "",
          "scores": [
            {
              "value": "8.9",
              "scoring_system": "cvssv4",
              "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
            },
            {
              "value": "HIGH",
              "scoring_system": "generic_textual",
              "scoring_elements": ""
            }
          ],
          "url": "https://github.com/swaldman/c3p0"
        },
        {
          "reference_url": "https://github.com/swaldman/c3p0/commit/e14cbd8166e423e2e9a9d6f08b2add3433492d6e",
          "reference_id": "",
          "reference_type": "",
          "scores": [
            {
              "value": "8.9",
              "scoring_system": "cvssv4",
              "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
            },
            {
              "value": "HIGH",
              "scoring_system": "generic_textual",
              "scoring_elements": ""
            },
            {
              "value": "Track",
              "scoring_system": "ssvc",
              "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-02T03:55:34Z/"
            }
          ],
          "url": "https://github.com/swaldman/c3p0/commit/e14cbd8166e423e2e9a9d6f08b2add3433492d6e"
        },
        {
          "reference_url": "https://mogwailabs.de/en/blog/2025/02/c3p0-you-little-rascal",
          "reference_id": "",
          "reference_type": "",
          "scores": [
            {
              "value": "8.9",
              "scoring_system": "cvssv4",
              "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
            },
            {
              "value": "HIGH",
              "scoring_system": "generic_textual",
              "scoring_elements": ""
            },
            {
              "value": "Track",
              "scoring_system": "ssvc",
              "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-02T03:55:34Z/"
            }
          ],
          "url": "https://mogwailabs.de/en/blog/2025/02/c3p0-you-little-rascal"
        },
        {
          "reference_url": "https://www.mchange.com/projects/c3p0/#configuring_security",
          "reference_id": "",
          "reference_type": "",
          "scores": [
            {
              "value": "8.9",
              "scoring_system": "cvssv4",
              "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
            },
            {
              "value": "HIGH",
              "scoring_system": "generic_textual",
              "scoring_elements": ""
            },
            {
              "value": "Track",
              "scoring_system": "ssvc",
              "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-02T03:55:34Z/"
            }
          ],
          "url": "https://www.mchange.com/projects/c3p0/#configuring_security"
        },
        {
          "reference_url": "https://www.mchange.com/projects/c3p0/#security-note",
          "reference_id": "",
          "reference_type": "",
          "scores": [
            {
              "value": "8.9",
              "scoring_system": "cvssv4",
              "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
            },
            {
              "value": "HIGH",
              "scoring_system": "generic_textual",
              "scoring_elements": ""
            },
            {
              "value": "Track",
              "scoring_system": "ssvc",
              "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-02T03:55:34Z/"
            }
          ],
          "url": "https://www.mchange.com/projects/c3p0/#security-note"
        },
        {
          "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1129318",
          "reference_id": "1129318",
          "reference_type": "",
          "scores": [],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1129318"
        },
        {
          "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442908",
          "reference_id": "2442908",
          "reference_type": "",
          "scores": [],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442908"
        },
        {
          "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27830",
          "reference_id": "CVE-2026-27830",
          "reference_type": "",
          "scores": [
            {
              "value": "8.9",
              "scoring_system": "cvssv4",
              "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
            },
            {
              "value": "HIGH",
              "scoring_system": "generic_textual",
              "scoring_elements": ""
            }
          ],
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27830"
        },
        {
          "reference_url": "https://github.com/advisories/GHSA-5476-xc4j-rqcv",
          "reference_id": "GHSA-5476-xc4j-rqcv",
          "reference_type": "",
          "scores": [
            {
              "value": "HIGH",
              "scoring_system": "cvssv3.1_qr",
              "scoring_elements": ""
            }
          ],
          "url": "https://github.com/advisories/GHSA-5476-xc4j-rqcv"
        },
        {
          "reference_url": "https://github.com/swaldman/c3p0/security/advisories/GHSA-5476-xc4j-rqcv",
          "reference_id": "GHSA-5476-xc4j-rqcv",
          "reference_type": "",
          "scores": [
            {
              "value": "HIGH",
              "scoring_system": "cvssv3.1_qr",
              "scoring_elements": ""
            },
            {
              "value": "8.9",
              "scoring_system": "cvssv4",
              "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
            },
            {
              "value": "HIGH",
              "scoring_system": "generic_textual",
              "scoring_elements": ""
            },
            {
              "value": "Track",
              "scoring_system": "ssvc",
              "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-02T03:55:34Z/"
            }
          ],
          "url": "https://github.com/swaldman/c3p0/security/advisories/GHSA-5476-xc4j-rqcv"
        },
        {
          "reference_url": "https://access.redhat.com/errata/RHSA-2026:18054",
          "reference_id": "RHSA-2026:18054",
          "reference_type": "",
          "scores": [],
          "url": "https://access.redhat.com/errata/RHSA-2026:18054"
        },
        {
          "reference_url": "https://access.redhat.com/errata/RHSA-2026:18055",
          "reference_id": "RHSA-2026:18055",
          "reference_type": "",
          "scores": [],
          "url": "https://access.redhat.com/errata/RHSA-2026:18055"
        },
        {
          "reference_url": "https://access.redhat.com/errata/RHSA-2026:18059",
          "reference_id": "RHSA-2026:18059",
          "reference_type": "",
          "scores": [],
          "url": "https://access.redhat.com/errata/RHSA-2026:18059"
        },
        {
          "reference_url": "https://access.redhat.com/errata/RHSA-2026:4285",
          "reference_id": "RHSA-2026:4285",
          "reference_type": "",
          "scores": [],
          "url": "https://access.redhat.com/errata/RHSA-2026:4285"
        }
      ],
      "fixed_packages": [
        {
          "url": "http://public2.vulnerablecode.io/api/packages/74292?format=json",
          "purl": "pkg:maven/com.mchange/c3p0@0.12.0",
          "is_vulnerable": false,
          "affected_by_vulnerabilities": [],
          "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.mchange/c3p0@0.12.0"
        }
      ],
      "aliases": [
        "CVE-2026-27830",
        "GHSA-5476-xc4j-rqcv"
      ],
      "risk_score": 4.0,
      "exploitability": "0.5",
      "weighted_severity": "8.0",
      "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-34j5-gmja-tbae"
    }
  ],
  "fixing_vulnerabilities": [],
  "risk_score": "4.0",
  "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/com.mchange/c3p0@0.10.0"
}