CVE-2024-24558

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jan 30, 2024
Updated: Apr 23, 2024
CWE ID 79

Summary

CVE-2024-24558 is a cross-site scripting (XSS) vulnerability affecting the `@tanstack/react-query-next-experimental` NPM package of TanStack Query. This package offers asynchronous state management, server-state utilities, and data fetching for web applications. An attacker can exploit this flaw by injecting malicious input or arranging for malicious data to be returned from an endpoint. To mitigate this risk, it is recommended to update to TanStack Query version 5.18.0 or later.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share