MidnightBSD

Advisories for liftweb

CVE-2013-3300 MEDIUM

The JsonParser class in json/JsonParser.scala in Lift before 2.5 interprets a certain end-index value as a length value, which allows remote authenticated users to obtain sensitive information from other users' sessions via invalid input data containing a < (less than) character.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
liftweb lift 2.3
liftweb lift *
liftweb lift 2.2
liftweb lift 2.4
liftweb lift 2.1
liftweb lift 2.5