vektah / gqlparser

A port of the parser from graphql-js into golang
MIT License

go vuln check issue #330

Closed ankitpatial closed 3 days ago

ankitpatial commented 4 days ago

What happened?

executing govulncheck -show verbose ./... results in

Vulnerability #1: GO-2024-2920
    Denial of service vulnerability via the parseDirectives function in
    github.com/vektah/gqlparser
  More info: https://pkg.go.dev/vuln/GO-2024-2920
  Module: github.com/vektah/gqlparser
    Found in: github.com/vektah/gqlparser@v1.3.1
    Fixed in: N/A

What did you expect?

no issue reported

Minimal graphql.schema and models to reproduce

versions

StevenACoffman commented 4 days ago

The vulnerability is in github.com/vektah/gqlparser@v1.3.1, not in any version after that.

StevenACoffman commented 3 days ago

https://pkg.go.dev/vuln/GO-2024-2920 shows that v2 has no vulnerabilities after v2.5.14

ankitpatial commented 2 days ago

Thank you for checking on it.
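
Added example, not part of the issue thread or the gqlparser project: a small Go program that traces which requirement pulls the flagged v1 module path into a build, using `go mod graph` output. The graph text, the `example.com/...` modules and their versions, and the `chainTo` helper are constructed for illustration; the exact-path match keeps `github.com/vektah/gqlparser/v2` from being mistaken for the module in the finding.

```go
package main

import (
	"fmt"
	"strings"
)

// Module path from the govulncheck finding; ".../gqlparser/v2" is a separate module.
const flagged = "github.com/vektah/gqlparser"
// Constructed sample of `go mod graph` output: "requirer requirement" per line.
const sampleGraph = `example.com/app example.com/legacy-lib@v0.4.0
example.com/app github.com/vektah/gqlparser/v2@v2.5.16
example.com/legacy-lib@v0.4.0 github.com/vektah/gqlparser@v1.3.1
example.com/legacy-lib@v0.4.0 example.com/util@v1.0.0`
// chainTo returns the shortest requirement chain from the main module (the
// requirer with no "@version" suffix) to the module whose path is exactly target.
func chainTo(graph, target string) []string {
	edges, root := map[string][]string{}, ""
	for _, line := range strings.Split(graph, "\n") {
		f := strings.Fields(line)
		if len(f) != 2 {
			continue
		}
		if root == "" && !strings.Contains(f[0], "@") {
			root = f[0]
		}
		edges[f[0]] = append(edges[f[0]], f[1])
	}
	parent, queue := map[string]string{root: ""}, []string{root}
	for i := 0; i < len(queue); i++ { // breadth-first, so the first hit is shortest
		node := queue[i]
		if path, _, _ := strings.Cut(node, "@"); path == target {
			var chain []string
			for n := node; n != ""; n = parent[n] {
				chain = append([]string{n}, chain...)
			}
			return chain
		}
		for _, next := range edges[node] {
			if _, seen := parent[next]; !seen {
				parent[next] = node
				queue = append(queue, next)
			}
		}
	}
	return nil
}

func main() {
	fmt.Println(strings.Join(chainTo(sampleGraph, flagged), " -> "))
}
```

On a real project, the text passed to `chainTo` would be the output of `go mod graph` run in the module root.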