x/vulndb: potential Go vuln in github.com/jackc/pgx/v5: GHSA-fqpg-rq76-99pq

[GoVulnBot]

Advisory GHSA-fqpg-rq76-99pq references a vulnerability in the following Go modules:

Module
github.com/jackc/pgx
github.com/jackc/pgx/v4
github.com/jackc/pgx/v5

Description: Pipeline can panic when PgConn is busy or closed.

References:

• ADVISORY: https://github.com/advisories/GHSA-fqpg-rq76-99pq
• FIX: https://github.com/jackc/pgx/commit/dfd198003a03dbb96e4607b0d3a0bb9a7398ccb7

Cross references:

• Module github.com/jackc/pgx/v5 appears in issue #2567
• Module github.com/jackc/pgx/v4 appears in issue #2605
• Module github.com/jackc/pgx/v4 appears in issue #2606
• Module github.com/jackc/pgx/v5 appears in issue #2606

See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/jackc/pgx
      vulnerable_at: 3.6.2+incompatible
    - module: github.com/jackc/pgx/v4
      vulnerable_at: 4.18.3
    - module: github.com/jackc/pgx/v5
      versions:
        - fixed: 5.5.2
      vulnerable_at: 5.5.1
summary: Panic in Pipeline when PgConn is busy or closed in github.com/jackc/pgx
ghsas:
    - GHSA-fqpg-rq76-99pq
references:
    - advisory: https://github.com/advisories/GHSA-fqpg-rq76-99pq
    - fix: https://github.com/jackc/pgx/commit/dfd198003a03dbb96e4607b0d3a0bb9a7398ccb7
source:
    id: GHSA-fqpg-rq76-99pq
    created: 2024-07-05T21:01:13.951638683Z
review_status: UNREVIEWED

[tatianab]

GHSA for https://github.com/golang/vulndb/issues/2567

[gopherbot]

Change https://go.dev/cl/597156 mentions this issue: data/reports: update 2 reports