CVE-2024-24558
TanStack Query supplies asynchronous state management, server-state utilities and data fetching for the web. The @tanstack/react-query-next-experimental NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this, an attacker would need to either inject malicious input or...
CVE-2024-57068
Prototype pollution in @tanstack/form-core lib.mutateMergeDeep (v0.35.0) allows crafted payloads to trigger a DoS. PoC exists per connected sources; no patch/version remediation details provided in the documents. Affected: core library function; root cause: unsafe object property handling leading...
form security vulnerability
form is an open source form state management program from TanStack. A security vulnerability exists in form version v0.35.0, which stems from the lib.mutateMergeDeep function containing a prototype pollution vulnerability...
CVE-2024-57068
A prototype pollution in the lib.mutateMergeDeep function of @tanstack/form-core v0.35.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload...
Cross site scripting
TanStack Query supplies asynchronous state management, server-state utilities and data fetching for the web. The @tanstack/react-query-next-experimental NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this, an attacker would need to either inject malicious input or...
CVE-2024-24558
The CVE-2024-24558 entry concerns the TanStack Query package, specifically the @tanstack/react-query-next-experimental component. The vulnerability is a cross‑site scripting (XSS) flaw that arises from improper handling of untrusted input during server‑side rendering, allowing an attacker to inje...
CVE-2024-24558 react-query-streamed-hydration xss
TanStack Query supplies asynchronous state management, server-state utilities and data fetching for the web. The @tanstack/react-query-next-experimental NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this, an attacker would need to either inject malicious input or...
PT-2024-20448 · npm · @tanstack/react-query-next-experimental
Name of the Vulnerable Software and Affected Versions: @tanstack/react-query-next-experimental versions prior to 5.18.0
Description: The @tanstack/react-query-next-experimental NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this, an attacker would need to either...
TanStack Query Cross-Site Scripting Vulnerability
TanStack Query is an open source, full-featured, TypeScript-enabled library from TanStack Open Source. A cross-site scripting vulnerability exists in TanStack Query. An attacker can exploit this vulnerability to inject malicious input...