@apollo/experimental-nextjs-app-support Cross-site Scripting vulnerability

Impact

The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. This vulnerability arises from improper handling of untrusted input when @apollo/experimental-apollo-client-nextjs performs server-side rendering of HTML pages. To fix this vulnerability, we implemented appropriate escaping to prevent javascript injection into rendered pages.

Patches

To fix this issue, please update to version 0.7.0 or later.

Workarounds

There are no known workarounds for this issue. Please update to version 0.7.0

References

peakematt published to apollographql/apollo-client-nextjs Jan 30, 2024

Published by the National Vulnerability Database Jan 30, 2024

Published to the GitHub Advisory Database Jan 30, 2024

Reviewed Jan 30, 2024

Last updated Jan 30, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Package

Affected versions

Patched versions

Description

Impact

Patches

Workarounds

References

Severity

CVSS overall score

CVSS v3 base metrics

CVSS v3 base metrics

EPSS score

Weaknesses

CVE ID

GHSA ID

Source code

Credits