Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-68470

Опубликовано: 10 янв. 2026
Источник: redhat
CVSS3: 6.5
EPSS Низкий

Описание

React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate(), , or redirect(), the app performs a navigation/redirect to an external URL. This is only an issue if you are passing untrusted content into navigation paths in your application code. This issue has been patched in versions 6.30.2 and 7.9.6.

An open redirect flaw has been discovered in the react-router npm library. An attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate(), , or redirect(), the app performs a navigation/redirect to an external URL. This is only an issue if you are passing untrusted content into navigation paths in your application code.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Cryostat 4io.cryostat-cryostatFix deferred
Gatekeeper 3gatekeeper/gatekeeper-rhel9Fix deferred
Logging Subsystem for Red Hat OpenShiftopenshift-logging/elasticsearch6-rhel9Fix deferred
Logging Subsystem for Red Hat OpenShiftopenshift-logging/elasticsearch-operator-bundleFix deferred
Logging Subsystem for Red Hat OpenShiftopenshift-logging/elasticsearch-proxy-rhel9Fix deferred
Logging Subsystem for Red Hat OpenShiftopenshift-logging/elasticsearch-rhel9-operatorFix deferred
Logging Subsystem for Red Hat OpenShiftopenshift-logging/kibana6-rhel8Fix deferred
Logging Subsystem for Red Hat OpenShiftopenshift-logging/logging-curator5-rhel9Fix deferred
Logging Subsystem for Red Hat OpenShiftopenshift-logging/logging-loki-rhel9Fix deferred
Logging Subsystem for Red Hat OpenShiftopenshift-logging/logging-view-plugin-rhel9Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-601
https://bugzilla.redhat.com/show_bug.cgi?id=2428417react-router: React Router unexpected external redirect

EPSS

Процентиль: 12%
0.00039
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2025-68470

CVSS3: 6.5
nvd
3 месяца назад

React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate(), <Link>, or redirect(), the app performs a navigation/redirect to an external URL. This is only an issue if you are passing untrusted content into navigation paths in your application code. This issue has been patched in versions 6.30.2 and 7.9.6.

github логотип

GHSA-9jcx-v3wj-wh4m

CVSS3: 6.5
github
3 месяца назад

React Router has unexpected external redirect via untrusted paths

EPSS

Процентиль: 12%
0.00039
Низкий

6.5 Medium

CVSS3