CVE-2024-24558 Information

Description

TanStack Query supplies asynchronous state management, server-state utilities and data fetching for the web. The `@tanstack/react-query-next-experimental` NPM package is vulnerable to cross-site scripting. To exploit this, an attacker would need to either inject malicious input or arrange for malicious input to be returned from an endpoint. To fix this issue, update to version 5.18.0 or later.

Reference

https://github.com/TanStack/query/security/advisories/GHSA-997g-27x8-43rf
https://github.com/TanStack/query/commit/f2ddaf2536e8b71d2da88a9310ac9a48c13512a1
