CVE-2024-24558
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Published Jan 30, 2024
Updated: Apr 23, 2024
CWE ID 79
Summary
CVE-2024-24558 is a cross-site scripting (XSS) vulnerability affecting the `@tanstack/react-query-next-experimental` NPM package of TanStack Query. This package offers asynchronous state management, server-state utilities, and data fetching for web applications. An attacker can exploit this flaw by injecting malicious input or arranging for malicious data to be returned from an endpoint. To mitigate this risk, it is recommended to update to TanStack Query version 5.18.0 or later.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share