Lucene search
GitHub Advisory DatabaseGHSA-JF9V-FXFQ-WM76HistoryMay 17, 2022 - 5:07 a.m.
Lift Sensitive Information Disclosure
2022-05-1705:07:19
CWE-119
GitHub Advisory Database
github.com
7
sensitive information
remote authentication
invalid input
session disclosure
lift framework
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
EPSS
0.001
Percentile
49.9%
The JsonParser class in json/JsonParser.scala in Lift before 2.5 interprets a certain end-index value as a length value, which allows remote authenticated users to obtain sensitive information from other users’ sessions via invalid input data containing a < (less than) character.
Affected configurations
Node
net.liftweblift-webkitRange<2.5
| Vendor | Product | Version | CPE |
|---|---|---|---|
| net.liftweb | lift-webkit | * | cpe:2.3:a:net.liftweb:lift-webkit:*:*:*:*:*:*:*:* |
Related
osv
osv
Lift Sensitive Information Disclosure
2022-05-17 05:07:19
cvelist
cvelist
CVE-2013-3300
2013-07-26 17:00:00
cve
cve
CVE-2013-3300
2013-07-29 13:59:05
nvd
nvd
CVE-2013-3300
2013-07-29 13:59:05
prion
prion
Authentication flaw
2013-07-29 13:59:00
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
EPSS
0.001
Percentile
49.9%
Related for GHSA-JF9V-FXFQ-WM76