PT-2024-20448 · Npm · @Tanstack/React-Query-Next-Experimental
Phryneas
·
Published
2024-01-30
·
Updated
2024-04-23
·
CVE-2024-24558
CVSS v3.1
8.2
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
@tanstack/react-query-next-experimental versions prior to 5.18.0
Description
The @tanstack/react-query-next-experimental NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this, an attacker would need to either inject malicious input or arrange to have malicious input be returned from an endpoint. This vulnerability arises from improper handling of untrusted input when @tanstack/react-query-next-experimental performs server-side rendering of HTML pages.
Recommendations
To fix this issue, please update to version 5.18.0 or later.
There are no known workarounds for this issue.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
@Tanstack/React-Query-Next-Experimental