x/vulndb: potential Go vuln in github.com/vektah/gqlparser: GHSA-2hmf-46v7-v6fx

[GoVulnBot]

In GitHub Security Advisory GHSA-2hmf-46v7-v6fx, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/vektah/gqlparser	2.5.14	< 2.5.14

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/vektah/gqlparser
      non_go_versions:
        - fixed: 2.5.14
      vulnerable_at: 1.3.1
      packages:
        - package: github.com/vektah/gqlparser
    - module: github.com/vektah/gqlparser
      non_go_versions:
        - fixed: 2.5.14
      vulnerable_at: 1.3.1
      packages:
        - package: github.com/vektah/gqlparser/v2
summary: gqlparser denial of service vulnerability via the parserDirectives function in github.com/vektah/gqlparser
cves:
    - CVE-2023-49559
ghsas:
    - GHSA-2hmf-46v7-v6fx
references:
    - advisory: https://github.com/advisories/GHSA-2hmf-46v7-v6fx
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-49559
    - fix: https://github.com/vektah/gqlparser/commit/36a3658873bf5a107f42488dfc392949cdd02977
    - report: https://github.com/99designs/gqlgen/issues/3118
    - web: https://gist.github.com/uvzz/d3ed9d4532be16ec1040a2cf3dfec8d1
    - web: https://github.com/vektah/gqlparser/blob/master/parser/query.go#L316
source:
    id: GHSA-2hmf-46v7-v6fx
    created: 2024-06-12T23:01:20.179226891Z
review_status: UNREVIEWED

[gopherbot]

Change https://go.dev/cl/595957 mentions this issue: data/reports: add 5 reports