CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2013-3300

The JsonParser class in json/JsonParser.scala in Lift before 2.5 interprets a certain end-index value as a length value, which allows remote authenticated users to obtain sensitive information from other users' sessions via invalid input data containing a < (less than) character.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 39.6%

CVSS Severity

CVSS v2 Score 4.0

References

http://blog.addepar.com/2013/07/an-atypical-web-vulnerability.html
https://github.com/lift/framework/commit/099d9c86cf6d81f4953957add478ab699946e601
http://blog.addepar.com/2013/07/an-atypical-web-vulnerability.html
https://github.com/lift/framework/commit/099d9c86cf6d81f4953957add478ab699946e601

Products affected by CVE-2013-3300

Liftweb » Lift » Version: 2.1

cpe:2.3:a:liftweb:lift:2.1
Liftweb » Lift » Version: 2.2

cpe:2.3:a:liftweb:lift:2.2
Liftweb » Lift » Version: 2.3

cpe:2.3:a:liftweb:lift:2.3
Liftweb » Lift » Version: 2.4

cpe:2.3:a:liftweb:lift:2.4
Liftweb » Lift » Version: 2.5

cpe:2.3:a:liftweb:lift:2.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-3300

Products

Pricing

Contact Us