[HIGH] webonyx/graphql-php has unbounded recursion in parser that causes stack overflow on crafted nested input

PKSA-xwpn-zs9j-6wy5 GHSA-r7cg-qjjm-xhqq

Affected version: <=15.32.2

Reported by:
GitHub

[HIGH] webonyx/graphql-php has quadratic validation cost in OverlappingFieldsCanBeMerged via inline fragments

PKSA-sf9j-1gs7-xzvx GHSA-fc86-6rv6-2jpm

Affected version: <15.32.2

Reported by:
GitHub