TanStack npm Supply Chain Poisoning via Malicious optionalDependencies

github.com 2026-05-22翻訳準備中…中国語で表示中中国語 →English →

Security AdvisoryCriticalTanStack

Affected:

@tanstack/history@1.161.9
@tanstack/history@1.161.12
@tanstack/router-utils@1.161.11
@tanstack/router-utils@1.161.14
@tanstack/router-core@1.169.5

参照 CVE: CVE-2026-45321 · 9.6 KEV

文章内图片已隐藏以节省流量 · 升级 Pro 后可见图片及离线存档

本文由本平台从 github.com 自动抓取，经 LLM 流水线清洗、双语翻译。版权归原作者。查看原文。

このソースからの他の記事

Reflected XSS in Django ParticipationAdmin.get_user via Unsafe HTML Concatenation 2026-05-28 Himmelblau Authentication Bypass in Device Authorization Grant Flow 2026-05-28 Stored XSS Vulnerability in RELATE Platform (CVE-2024-42197) Analysis and POC 2026-05-28 pam_usb security audit fixes: OOM null deref, race conditions, format string patches 2026-05-28 Facturascripts Stored XSS in Product Reference 2026-05-28

离线存档

离线截图 & PDF 为 Pro 专属