Get a Demo

Let's Patch It!

Book a short call with one our specialists, we'll walk you through how Endor Patches work, and ask you a few questions about your environment (like your primary programming languages and repository management). We'll also send you an email right after you fill out the form, feel free to reply with any questions you have in advance!

Patch

com.mchange:c3p0 0.9.5.2

Back to all
Package Version

com.mchange:c3p0 0.9.5.2

Github Repository

Package Version Scores

Overall
0
/10
Security
4
Activity
6
Popularity
8
Quality
4
All Factors
Security
Activity
Popularity
Code Quality
Quality
Pull Requests from Bots
Pull requests from bot accounts indicate that the project is using automation for development tasks.
Quality
Pull Requests from Bots
Pull requests from bot accounts indicate that the project is using automation for development tasks.

Endor Patches

Patch Name
CVEs fixed
Lines of Code Changed
68db9d9831890cc05188b871
CVEs Fixed
C
1
H
1
+134
-16

Vulnerabilities Fixed

Cve Name
CVE ID
Severity
XML External Entity Reference in mchange:c3p0
CVE-2018-20433
Critical
Billion laughs attack in c3p0
CVE-2019-5427
High

Get the Patch Instantly Without Upgrading

Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request

References

Basic Information

Ecosystem
Release Date
December 1, 2025
LINES OF CODE CHANGED
+134
-16
-
on latest patch
License
Patch Available

Get the Patch Instantly

Secure your app without upgrading.
Fix Without Upgrading
{
"items": [
{
"title": "No Recent Commit Activity",
"description": "Lack of recent commit activity indicates that the project is not very active",
"category": "activity",
"type": "downscore"
},
{
"title": "No Closed Issues",
"description": "No closed issues indicate that the project may not be maintained",
"category": "activity",
"type": "downscore"
},
{
"title": "High Ratio of Issues Created by External Contributors",
"description": "A high ratio of issues opened by external contributors indicates that the project is active",
"category": "activity",
"type": "upscore"
},
{
"title": "No Recent Pull Request Activity",
"description": "Lack of recent pull request activity may indicate that the project is no longer active",
"category": "activity",
"type": "downscore"
},
{
"title": "Activity From Corporate Accounts",
"description": "Activity from corporate affiliated accounts indicates that the project may have reliable backing and support",
"category": "activity",
"type": "upscore"
},
{
"title": "Older Versions are Maintained",
"description": "The package keeps creating updates to earlier version trains, this is a sign of a commitment to maintaining and supporting the users of the project",
"category": "activity",
"type": "upscore"
},
{
"title": "Personal Repository",
"description": "When a repository is personal there is a higher risk of it getting abandoned in the future",
"category": "activity",
"type": "downscore"
},
{
"title": "Unfixed High Severity Vulnerabilities",
"description": "Unfixed high severity vulnerabilities discovered in a repository indicate an elevated security risk. Analysis only considers vulnerabilities associated with this repository and not its dependencies. Vulnerability information is based on OSV.dev data and Endor's vulnerability database",
"category": "security",
"type": "downscore"
},
{
"title": "Has Stars",
"description": "Having some stars indicates interest in the project. ",
"category": "popularity",
"type": "upscore"
},
{
"title": "Many Forks",
"description": "Many forks show an active interest in the project",
"category": "popularity",
"type": "upscore"
},
{
"title": "Many Subscribers",
"description": "A very large number of subscribers indicates an active interest in the project",
"category": "popularity",
"type": "upscore"
},
{
"title": "No Automated Build System",
"description": "Reproducible builds using makefiles or CI systems allow verification that no modifications, such as vulnerabilities or backdoors, have been introduced during a package's build process",
"category": "code quality",
"type": "downscore"
},
{
"title": "High Ratio of Test Code",
"description": "High quality projects should use tests",
"category": "code quality",
"type": "upscore"
},
{
"title": "Repository has Some Best Practice Files",
"description": "The repository has files that cover basic operational aspects of the project and this shows an emphasis on best practices",
"category": "code quality",
"type": "upscore"
},
{
"title": "Repository has Topics",
"description": "Configuring topics is an indication that the repository is well maintained",
"category": "activity",
"type": "upscore"
},
{
"title": "Multiple Licenses",
"description": "Repositories with multiple licenses require extra effort to determine their exact license status",
"category": "code quality",
"type": "downscore"
}
]
}