Improper Input Validation in JsonParser Class Allows Information Disclosure

Improper Input Validation in JsonParser Class Allows Information Disclosure

CVE-2013-3300 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

The JsonParser class in json/JsonParser.scala in Lift before 2.5 interprets a certain end-index value as a length value, which allows remote authenticated users to obtain sensitive information from other users' sessions via invalid input data containing a < (less than) character.

Learn more about our User Device Pen Test.