
URL: https://github.com/advisories/GHSA-5wfc-hjrc-gq87


hjson stack exhaustion vulnerability

High severity GitHub Reviewed Published to the GitHub Advisory Database • Updated

Package: github.com/hjson/hjson-go/v4 (Go)
Affected versions: < 4.5.0
Patched versions: 4.5.0

Package: laktak/hjson (Composer)
Affected versions: < 2.3.0
Patched versions: 2.3.0

Package: org.hjson:hjson (Maven)
Affected versions: <= 3.0.0
Patched versions: 3.0.1

Description

An issue was discovered in hjson through 3.0.0. It allows attackers to cause a denial of service or other unspecified impacts via crafted objects with deeply nested structures.


Severity

High
/ 10

CVSS v3 base metrics

Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS score

(51st percentile)


CVE ID

CVE-2023-34620

GHSA ID

GHSA-5wfc-hjrc-gq87

Source code

No known source code
