Zhutougg

#13644 of 53,632
19.6 Total CVSS
Vulnerabilities · 2
Critical · 2
PT-2018-15374
9.8
2018-12-24
Mchange · C3P0 · CVE-2018-20433
**Name of the Vulnerable Software and Affected Versions**
c3p0 version 0.9.5.2

**Description**
The issue allows XXE (XML External Entity) attacks in the `extractXmlConfigFromInputStream` function within `com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java` during the initialization process.

**Recommendations**
For c3p0 version 0.9.5.2, consider disabling the `extractXmlConfigFromInputStream` function as a temporary workaround until a patch is available. Restrict access to the `C3P0ConfigXmlUtils` class to minimize the risk of exploitation. Avoid using external XML entities in the configuration until the issue is resolved.

PT-2018-13954
9.8
2018-09-19
Nmap · Nmap4J · CVE-2018-17228
**Name of the Vulnerable Software and Affected Versions**
nmap4j version 1.1.0

**Description**
The issue allows attackers to execute arbitrary commands via shell metacharacters in an `includeHosts` call.

**Recommendations**
For nmap4j version 1.1.0, consider restricting the use of the `includeHosts` call until a patch is available to prevent the execution of arbitrary commands.