4 matches found
CVE-2013-3300
The JsonParser class in json/JsonParser.scala in Lift before 2.5 interprets a certain end-index value as a length value, which allows remote authenticated users to obtain sensitive information from other users' sessions via invalid input data containing a less than character...
com.sun.jersey.contribs:jersey-lift (>=1.1.1-ea <=1.1.5-ea-v20091019), com.sun.jersey.contribs:jersey-lift-test (>=1.1.1-ea <=1.1.5-ea-v20091019) +29 more potentially affected by CVE-2013-3300 via net.liftweb:lift-webkit (>=2.0 <=2.0-RC2)
net.liftweb:lift-webkit MAVEN version =2.0, =1.1.1-ea, =1.1.1-ea, =2.0-M1, =2.0, =2.0, =2.0-RC2 - net.liftweb:lift-flot-demo =2.0-M4 - net.liftweb:lift-hellofbc =2.0-M4 and more Source cves: CVE-2013-3300 Source advisory: OSV:GHSA-JF9V-FXFQ-WM76...
com.fmpwizard:lift-named-comet_2.9.1 (=0.3), com.foursquare:rogue-lift_2.9.1 (>=2.0.0 <=3.0.0-beta15) +25 more potentially affected by CVE-2013-3300 via net.liftweb:lift-webkit_2.9.1 (>=2.4 <=2.4-RC1)
net.liftweb:lift-webkit2.9.1 MAVEN version =2.4, =2.0.0, =2.0.0, =1.0.24, =2.5, =2.5, =0.0.3, =0.0.3, =2.4, =2.4, =2.4, =2.4, =2.4, =2.4-RC1 and more Source cves: CVE-2013-3300 Source advisory: OSV:GHSA-JF9V-FXFQ-WM76...
CVE-2013-3300
The connected documents confirm a vulnerability in Lift (before 2.5) where JsonParser.scala’s end-index is misinterpreted as a length, enabling remote authenticated users to access sensitive information from other sessions via input containing a