VYPR
Moderate severityNVD Advisory· Published Jul 29, 2013· Updated Jun 16, 2026

CVE-2013-3300

CVE-2013-3300

Description

The JsonParser class in json/JsonParser.scala in Lift before 2.5 interprets a certain end-index value as a length value, which allows remote authenticated users to obtain sensitive information from other users' sessions via invalid input data containing a < (less than) character.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
net.liftweb:lift-webkitMaven
>= 0
net.liftweb:lift-webkit_2.7.7Maven
>= 0
net.liftweb:lift-webkit_2.8.0Maven
>= 0
net.liftweb:lift-webkit_2.8.1Maven
>= 0
net.liftweb:lift-webkit_2.8.2Maven
>= 0
net.liftweb:lift-webkit_2.9.0Maven
>= 0
net.liftweb:lift-webkit_2.9.0-1Maven
>= 0
net.liftweb:lift-webkit_2.9.1Maven
< 2.52.5

Affected products

19

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.