Skip to content

@urql/next@1.1.1
Compare
Choose a tag to compare
@github-actions github-actions released this 30 Jan 17:16
· 124 commits to main since this release
@urql/next@1.1.1
87d79cd
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

Patch Changes

  • ⚠️ Fix CVE-2024-24556, addressing an XSS vulnerability, where @urql/next failed to escape HTML characters in JSON payloads injected into RSC hydration bodies. When an attacker is able to manipulate strings in the JSON response in RSC payloads, this could cause HTML to be evaluated via a typical XSS vulnerability (See GHSA-qhjf-hm5j-335w for details.)
    Submitted by @JoviDeCroock (See 4b7011b7)
Assets 2
Loading