Описание
React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. There is a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an incoming Request by putting a URL pathname in the port section of a URL that is part of a Host or X-Forwarded-Host header sent to a Remix/React Router request handler. This issue has been patched and released in Remix 2.16.3 and React Router 7.4.1.
A flaw was found in react-router due to improper handling of user-controlled data within the Express adapter. This flaw allows a remote attacker to trigger a server-side request forgery (SSRF) condition. This SSRF can be exploited by sending crafted HTTP requests to arbitrary internal or external resources. Successful exploitation results in a high impact denial of service.
Отчет
This vulnerability allows URL spoofing, which can lead to unauthorized access to resources and potential data breaches. The fact that it requires no authentication or user interaction significantly increases its exploitability. The use of Host or X-Forwarded-Host headers, which are commonly used in web applications, makes this a widespread issue. While arbitrary code execution isn't directly possible based on the description, the ability to manipulate URLs and potentially access sensitive data warrants an Important impact rating.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Cryostat 4 | io.cryostat-cryostat | Not affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/kibana6-rhel8 | Not affected | ||
| Migration Toolkit for Applications 7 | mta/mta-ui-rhel9 | Not affected | ||
| Migration Toolkit for Containers | rhmtc/openshift-migration-ui-rhel8 | Not affected | ||
| Migration Toolkit for Virtualization | migration-toolkit-virtualization/mtv-console-plugin-rhel9 | Not affected | ||
| Migration Toolkit for Virtualization | mtv-candidate/mtv-console-plugin-rhel9 | Not affected | ||
| Multicluster Engine for Kubernetes | multicluster-engine/console-mce-rhel8 | Not affected | ||
| Multicluster Engine for Kubernetes | multicluster-engine/console-mce-rhel9 | Not affected | ||
| Network Observability Operator | network-observability/network-observability-console-plugin-rhel9 | Not affected | ||
| OpenShift Pipelines | openshift-pipelines/pipelines-console-plugin-rhel8 | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. There is a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an incoming Request by putting a URL pathname in the port section of a URL that is part of a Host or X-Forwarded-Host header sent to a Remix/React Router request handler. This issue has been patched and released in Remix 2.16.3 and React Router 7.4.1.
Remix and React Router allow URL manipulation via Host / X-Forwarded-Host headers
EPSS
7.5 High
CVSS3