CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score
Confidence: Low

EPSS
Percentile: 49.9%

The JsonParser class in json/JsonParser.scala in Lift before 2.5 interprets a certain end-index value as a length value, which allows remote authenticated users to obtain sensitive information from other users’ sessions via invalid input data containing a < (less than) character.
Vendor | Product | Version | CPE |
---|---|---|---|
liftweb | lift | * | cpe:2.3:a:liftweb:lift:*:rc6:*:*:*:*:*:* |
liftweb | lift | 2.1 | cpe:2.3:a:liftweb:lift:2.1:*:*:*:*:*:*:* |
liftweb | lift | 2.2 | cpe:2.3:a:liftweb:lift:2.2:*:*:*:*:*:*:* |
liftweb | lift | 2.3 | cpe:2.3:a:liftweb:lift:2.3:*:*:*:*:*:*:* |
liftweb | lift | 2.4 | cpe:2.3:a:liftweb:lift:2.4:*:*:*:*:*:*:* |
liftweb | lift | 2.5 | cpe:2.3:a:liftweb:lift:2.5:m4:*:*:*:*:*:* |
liftweb | lift | 2.5 | cpe:2.3:a:liftweb:lift:2.5:rc1:*:*:*:*:*:* |
liftweb | lift | 2.5 | cpe:2.3:a:liftweb:lift:2.5:rc2:*:*:*:*:*:* |
liftweb | lift | 2.5 | cpe:2.3:a:liftweb:lift:2.5:rc3:*:*:*:*:*:* |
liftweb | lift | 2.5 | cpe:2.3:a:liftweb:lift:2.5:rc4:*:*:*:*:*:* |