What is GHSA-5wfc-hjrc-gq87?

GHSA-5wfc-hjrc-gq87 is a security advisory published by GitHub Security Advisories with High severity. hjson stack exhaustion vulnerability

Which CVE IDs does GHSA-5wfc-hjrc-gq87 cover?

GHSA-5wfc-hjrc-gq87 covers the following CVE IDs: CVE-2023-34620. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-5wfc-hjrc-gq87?

GHSA-5wfc-hjrc-gq87 has a CVSS v3 base score of 7.5, published by GitHub Security Advisories.

Which products are affected by GHSA-5wfc-hjrc-gq87?

GHSA-5wfc-hjrc-gq87 affects 3 products, including: maven/org.hjson:hjson:\u003c= 3.0.0; composer/laktak/hjson:\u003c 2.3.0; go/github.com/hjson/hjson-go/v4:\u003c 4.5.0.

GHSA-5wfc-hjrc-gq87HighCVSS 7.5

hjson stack exhaustion vulnerability

Vendor

GitHub Security Advisories

Published

June 14, 2023

Last Modified

May 20, 2026

🔗 CVE IDs covered (1)

CVE-2023-34620 →

📋 Description

An issue was discovered hjson through 3.0.0 allows attackers to cause a denial of service or other unspecified impacts via crafted objects that deeply nested structures.

🎯 Affected products3

maven/org.hjson:hjson:<= 3.0.0
composer/laktak/hjson:< 2.3.0
go/github.com/hjson/hjson-go/v4:< 4.5.0

🔗 References (8)

https://nvd.nist.gov/vuln/detail/CVE-2023-34620
https://github.com/hjson/hjson-java/issues/24
https://github.com/hjson/hjson-cpp/pull/54
https://github.com/hjson/hjson-go/pull/67
https://github.com/hjson/hjson-php/pull/45
https://github.com/hjson/hjson-go/commit/326599cebc6ef759892f473bf1439b98466a99fa
https://github.com/hjson/hjson-php/commit/2d1b8b4b158a8d841f3a228f267c7cd84fe5a4fa
https://github.com/advisories/GHSA-5wfc-hjrc-gq87