CVE-2024-24558

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in npm/@tanstack/react-query-next-experimental

Identifiers

GHSA-997g-27x8-43rf, CVE-2024-24558

Package Slug

npm/@tanstack/react-query-next-experimental

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

TanStack Query supplies asynchronous state management, server-state utilities and data fetching for the web. The @tanstack/react-query-next-experimental npm package is affected by a cross-site scripting vulnerability. To exploit it, an attacker would need either to inject malicious input or to arrange for malicious input to be returned from an endpoint. The issue is fixed in version 5.18.0; update to that version or later.

Affected Versions

All versions starting from 5.0.0 before 5.18.0

Solution

Upgrade to version 5.18.0 or above.
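
To check whether a project still resolves an affected version, the following added example (not part of the advisory or of TanStack's code) walks the "packages" map of an npm lockfile (lockfileVersion 2 or 3) and reports entries in the range given above. It assumes strict semver ordering for pre-releases; the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: flag lockfile entries in the advisory's range (>= 5.0.0, < 5.18.0).
const PKG = "@tanstack/react-query-next-experimental";

// Split "5.17.3-beta.1+build" into a numeric triple and a prerelease flag.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+.*)?$/.exec(String(v).trim());
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// Semver ordering against a plain release: a prerelease sorts below its own release.
function compareToRelease(ver, release) {
  for (let i = 0; i < 3; i++) {
    if (ver.nums[i] !== release[i]) return ver.nums[i] < release[i] ? -1 : 1;
  }
  return ver.pre ? -1 : 0;
}

// true / false for parseable versions, null when the string needs manual review.
function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return null;
  return compareToRelease(v, [5, 0, 0]) >= 0 && compareToRelease(v, [5, 18, 0]) < 0;
}

// Walk every installed copy, including nested and workspace node_modules paths.
function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith("node_modules/" + PKG)) continue;
    const affected = isAffected(meta.version);
    if (affected !== false) hits.push({ path, version: meta.version, affected });
  }
  return hits;
}

// Constructed sample lockfile (paths and versions are illustrative only).
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app" },
  "node_modules/@tanstack/react-query-next-experimental": { version: "5.17.19" },
  "apps/web/node_modules/@tanstack/react-query-next-experimental": { version: "5.18.0" },
  "node_modules/@tanstack/react-query": { version: "5.17.19" },
}};
console.log(findAffected(sampleLock));
```

An entry reported with `affected: null` has a version string the parser could not read and should be checked by hand.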

Last Modified

2024-01-31
