WS-2020-0287

Date: March 4, 2020

Apache commons-dbcp through 2.8.0 exposes sensitive information via JMX. If a BasicDataSource is created with jmxName set, password property is exposed/exported via jmx and is visible for everybody who is connected to jmx port.

Language: Java