impact
The @urql/next package is vulnerable to XSS. To exploit this an attacker would need to ensure that the response returns html tags and that the web-application is using streamed responses (non-RSC). This vulnerability is due to improper escaping of html-like characters in the response-stream.
To fix this vulnerability upgrade to version 1.1.1
impact
The
@urql/nextpackage is vulnerable to XSS. To exploit this an attacker would need to ensure that the response returnshtmltags and that the web-application is using streamed responses (non-RSC). This vulnerability is due to improper escaping of html-like characters in the response-stream.To fix this vulnerability upgrade to version 1.1.1