TanStack Query supplies asynchronous state management, server-state utilities and data fetching for the web. The `@tanstack/react-query-next-experimental` NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this, an attacker would need to either inject malicious input or arrange to have malicious input be returned from an endpoint. To fix this issue, please update to version 5.18.0 or later.
References
Configurations
History
23 Apr 2024, 19:52
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:tanstack:react-query-next-experimental:*:*:*:*:*:node.js:*:* | |
First Time |
Tanstack react-query-next-experimental
|
06 Feb 2024, 19:35
Type | Values Removed | Values Added |
---|---|---|
First Time |
Tanstack
Tanstack query |
|
CPE | cpe:2.3:a:tanstack:query:*:*:*:*:*:node.js:*:* | |
References | () https://github.com/TanStack/query/security/advisories/GHSA-997g-27x8-43rf - Vendor Advisory | |
References | () https://github.com/TanStack/query/commit/f2ddaf2536e8b71d2da88a9310ac9a48c13512a1 - Patch | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
30 Jan 2024, 20:48
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-30 20:15
Updated : 2024-04-23 19:52
NVD link : CVE-2024-24558
Mitre link : CVE-2024-24558
CVE.ORG link : CVE-2024-24558
JSON object : View
Products Affected
tanstack
- react-query-next-experimental
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')