CVE-2013-3300

Lift < 2.5 - Authenticated Information Disclosure via JsonParser End-Index Mishandling


Description

The JsonParser class in json/JsonParser.scala in Lift before 2.5 interprets a certain end-index value as a length value, which allows remote authenticated users to obtain sensitive information from other users' sessions via invalid input data containing a < (less than) character.

Scores

EPSS 0.0148
EPSS Percentile 70.7%

Details

CWE CWE-119
Status published
Products (14)
liftweb/lift 2.1
liftweb/lift 2.2
liftweb/lift 2.3
liftweb/lift 2.4
liftweb/lift 2.5 m4 (6 CPE variants)
liftweb/lift < 2.5
net.liftweb/lift-webkit 0 (Maven)
net.liftweb/lift-webkit_2.7.7 0 (Maven)
net.liftweb/lift-webkit_2.8.0 0 (Maven)
net.liftweb/lift-webkit_2.8.1 0 (Maven)
... and 4 more
Published Jul 29, 2013
Tracked Since Feb 18, 2026