GHSA-jf9v-fxfq-wm76

Source
https://github.com/advisories/GHSA-jf9v-fxfq-wm76
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jf9v-fxfq-wm76/GHSA-jf9v-fxfq-wm76.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-jf9v-fxfq-wm76
Aliases
  • CVE-2013-3300
Published
2022-05-17T05:07:19Z
Modified
2024-12-06T05:32:36.018585Z
Summary
Lift Sensitive Information Disclosure
Details

The JsonParser class in json/JsonParser.scala in Lift before 2.5 interprets a certain end-index value as a length value, which allows remote authenticated users to obtain sensitive information from other users' sessions via invalid input data containing a < (less than) character.

Database specific
{
    "nvd_published_at": "2013-07-29T13:59:00Z",
    "cwe_ids": [
        "CWE-119"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-29T18:47:53Z"
}
References

Affected packages

Maven / net.liftweb:lift-webkit

Package

Name
net.liftweb:lift-webkit
Purl
pkg:maven/net.liftweb/lift-webkit

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.5

Affected versions

0.*

0.7
0.8
0.9
0.10

1.*

1.0
1.0.1
1.0.2
1.0.3
1.1-M1
1.1-M3
1.1-M4
1.1-M5
1.1-M6
1.1-M7
1.1-M8

2.*

2.0-M1
2.0-M2
2.0-M3
2.0-M4
2.0-M5
2.0-RC1
2.0-RC2
2.0