x/vulndb: add data/reports/GO-2022-0942.yaml for CVE-2022-37315

jba · jba · commit 4c21b1750daf · 2022-08-23T13:19:13.000Z
Fixes #942 Change-Id: I1d84065f2482d045f67e508b07b8a2f1ec4af485 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/425087 Reviewed-by: Julie Qiu <julieqiu@google.com> Run-TryBot: Jonathan Amsterdam <jba@google.com> TryBot-Result: Gopher Robot <gobot@golang.org>
diff --git a/data/reports/GO-2022-0942.yaml b/data/reports/GO-2022-0942.yaml
@@ -0,0 +1,18 @@
+modules:
+  - module: github.com/graphql-go/graphql
+    versions:
+    vulnerable_at: 0.8.0
+    packages:
+      - package: github.com/graphql-go/graphql/language/parser
+        symbols:
+          - Parse
+description: |
+    graphql-go (aka GraphQL for Go) has infinite recursion
+    in the type definition parser.
+cves:
+  - CVE-2022-37315
+ghsas:
+  - GHSA-h3qm-jrrf-cgj3
+links:
+    pr: https://github.com/graphql-go/graphql/pull/642
+    commit: https://github.com/graphql-go/graphql/pull/642/commits/4188bd5b3877f7badb951b421cf66e0af2eacb22
