Lucene search

CVE-2013-3300

🗓️ 29 Jul 2013 13:05:59Reported by [email protected]Type

The JsonParser class in Lift before 2.5 interprets a certain end-index value as a length value, allowing remote authenticated users to obtain sensitive information from other users' sessions via invalid input data

Reporter	Title	Published	Views	Family All 5
Cvelist	CVE-2013-3300	26 Jul 201317:00	–	cvelist
CVE	CVE-2013-3300	29 Jul 201313:59	–	cve
OSV	Lift Sensitive Information Disclosure	17 May 202205:07	–	osv
Github Security Blog	Lift Sensitive Information Disclosure	17 May 202205:07	–	github
Prion	Authentication flaw	29 Jul 201313:59	–	prion

Nvd

Node

liftweb liftRange≤2.5rc6

liftweb liftMatch2.1

liftweb liftMatch2.2

liftweb liftMatch2.3

liftweb liftMatch2.4

liftweb liftMatch2.5m4

liftweb liftMatch2.5rc1

liftweb liftMatch2.5rc2

liftweb liftMatch2.5rc3

liftweb liftMatch2.5rc4

liftweb liftMatch2.5rc5

Source	Link
github	www.github.com/lift/framework/commit/099d9c86cf6d81f4953957add478ab699946e601
blog	www.blog.addepar.com/2013/07/an-atypical-web-vulnerability.html

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

29 Jul 2013 13:59Current

5.6Medium risk

Vulners AI Score5.6

CVSS24

EPSS0.00138

CWE-119