Information Exposure Affecting net.liftweb:lift-json_2.9.1 Open this link in a new tab package, versions [,2.5-RC3)

Attack Complexity

Low

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

snyk-id

SNYK-JAVA-NETLIFTWEB-30460
published

8 Jun 2016
disclosed

29 Jul 2013
credit

Unknown

Report a new vulnerability Found a mistake?

Introduced: 29 Jul 2013

CVE-2013-3300 Open this link in a new tab CWE-119 Open this link in a new tab

Overview

net.liftweb:lift-json_2.9.1 The JsonParser class in json/JsonParser.scala in Lift before 2.5 interprets a certain end-index value as a length value, which allows remote authenticated users to obtain sensitive information from other users' sessions via invalid input data containing a < (less than) character.

References

NVD
GitHub Commit

Information Exposure Affecting net.liftweb:lift-json_2.9.1 Open this link in a new tab package, versions [,2.5-RC3)

Attack Complexity

snyk-id

published

disclosed

credit

Introduced: 29 Jul 2013

Overview

References