Описание
React Router is a router for React. In @remix-run/react version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, a XSS vulnerability exists in in React Router's API in Framework Mode when using the getKey/storageKey props during Server-Side Rendering which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the keys. There is no impact if server-side rendering in Framework Mode is disabled, or if Declarative Mode () or Data Mode (createBrowserRouter/) is being used. This issue has been patched in @remix-run/react version 2.17.3 and react-router version 7.12.0.
Ссылки
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 7.0.0 (включая) до 7.11.0 (включая)Версия до 2.17.3 (исключая)
Одно из
cpe:2.3:a:shopify:react-router:*:*:*:*:*:node.js:*:*
cpe:2.3:a:shopify:remix-run\/react:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 2%
0.00014
Низкий
8.2 High
CVSS3
Дефекты
CWE-79
Связанные уязвимости
EPSS
Процентиль: 2%
0.00014
Низкий
8.2 High
CVSS3
Дефекты
CWE-79