High severityNVD Advisory· Published Jan 30, 2024· Updated Aug 23, 2024
react-query-streamed-hydration xss
CVE-2024-24558
Description
TanStack Query supplies asynchronous state management, server-state utilities and data fetching for the web. The @tanstack/react-query-next-experimental NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this, an attacker would need to either inject malicious input or arrange to have malicious input be returned from an endpoint. To fix this issue, please update to version 5.18.0 or later.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
@tanstack/react-query-next-experimentalnpm | >= 5.0.0, < 5.18.0 | 5.18.0 |
Affected products
2- TanStack/queryv5Range: >=5.0.0, < 5.18.0
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-997g-27x8-43rfghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-24558ghsaADVISORY
- github.com/TanStack/query/commit/f2ddaf2536e8b71d2da88a9310ac9a48c13512a1ghsax_refsource_MISCWEB
- github.com/TanStack/query/security/advisories/GHSA-997g-27x8-43rfghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.