CVE-2024-24558

TanStack Query supplies asynchronous state management, server-state utilities and data fetching for the web. The `@tanstack/react-query-next-experimental` NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this, an attacker would need to either inject malicious input or arrange to have malicious input be returned from an endpoint. To fix this issue, please update to version 5.18.0 or later.
Configurations

Configuration 1 (hide)

cpe:2.3:a:tanstack:react-query-next-experimental:*:*:*:*:*:node.js:*:*

History

23 Apr 2024, 19:52

Type Values Removed Values Added
CPE cpe:2.3:a:tanstack:query:*:*:*:*:*:node.js:*:* cpe:2.3:a:tanstack:react-query-next-experimental:*:*:*:*:*:node.js:*:*
First Time Tanstack react-query-next-experimental

06 Feb 2024, 19:35

Type Values Removed Values Added
First Time Tanstack
Tanstack query
CPE cpe:2.3:a:tanstack:query:*:*:*:*:*:node.js:*:*
References () https://github.com/TanStack/query/security/advisories/GHSA-997g-27x8-43rf - () https://github.com/TanStack/query/security/advisories/GHSA-997g-27x8-43rf - Vendor Advisory
References () https://github.com/TanStack/query/commit/f2ddaf2536e8b71d2da88a9310ac9a48c13512a1 - () https://github.com/TanStack/query/commit/f2ddaf2536e8b71d2da88a9310ac9a48c13512a1 - Patch
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1

30 Jan 2024, 20:48

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-30 20:15

Updated : 2024-04-23 19:52


NVD link : CVE-2024-24558

Mitre link : CVE-2024-24558

CVE.ORG link : CVE-2024-24558


JSON object : View

Products Affected

tanstack

  • react-query-next-experimental
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')