data/reports/GO-2022-0942.yaml - vulndb - Git at Google

 modules:
   - module: github.com/graphql-go/graphql
     vulnerable_at: 0.8.0
     packages:
       - package: github.com/graphql-go/graphql/language/parser
         symbols:
           - Parse
 description: |
     graphql-go (aka GraphQL for Go) has infinite recursion
     in the type definition parser.
 published: 2022-08-23T13:19:13Z
 cves:
   - CVE-2022-37315
 ghsas:
   - GHSA-h3qm-jrrf-cgj3
 references:
   - fix: https://github.com/graphql-go/graphql/pull/642
   - fix: https://github.com/graphql-go/graphql/pull/642/commits/4188bd5b3877f7badb951b421cf66e0af2eacb22
	modules:
	- module: github.com/graphql-go/graphql
	vulnerable_at: 0.8.0
	packages:
	- package: github.com/graphql-go/graphql/language/parser
	symbols:
	- Parse
	description: \|
	graphql-go (aka GraphQL for Go) has infinite recursion
	in the type definition parser.
	published: 2022-08-23T13:19:13Z
	cves:
	- CVE-2022-37315
	ghsas:
	- GHSA-h3qm-jrrf-cgj3
	references:
	- fix: https://github.com/graphql-go/graphql/pull/642
	- fix: https://github.com/graphql-go/graphql/pull/642/commits/4188bd5b3877f7badb951b421cf66e0af2eacb22