Lucene search

Veracode Vulnerability DatabaseVERACODE:45252

HistoryJan 31, 2024 - 7:21 a.m.

Cross Site Scripting (XSS)

2024-01-3107:21:33

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross site scripting

vulnerable software

improper handling

hydration stream provider

server-side rendering

html pages

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

6.2 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

@tanstack/react-query-next-experimental is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper handling of the id variable within the createHydrationStreamProvider method, which allows an attacker to inject arbitrary JavaScript when react-query-next-experimental preforms server-side rendering of HTML pages

CPENameOperatorVersion
@tanstack/react-query-next-experimentalle5.17.19
@tanstack/react-query-next-experimentalle5.17.19

CPE	Name	Operator	Version
	@tanstack/react-query-next-experimental	le	5.17.19
	@tanstack/react-query-next-experimental	le	5.17.19

References

github.com/TanStack/query/commit/f2ddaf2536e8b71d2da88a9310ac9a48c13512a1

github.com/TanStack/query/security/advisories/GHSA-997g-27x8-43rf

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

6.2 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for VERACODE:45252