HIGH 7.6

GHSA-3cgp-3xvw-98x8

React Router has XSS Vulnerability

상세

A XSS vulnerability exists in in React Router's `meta()`/`<Meta>` APIs in [Framework Mode](https://reactrouter.com/start/modes#framework) when generating `script:ld+json` tags which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the tag.

> [!NOTE] > This does not impact applications using [Declarative Mode](https://reactrouter.com/start/modes#declarative) (`<BrowserRouter>`) or [Data Mode](https://reactrouter.com/start/modes#data) (`createBrowserRouter`/`<RouterProvider>`).

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

npm / react-router

최초 영향 버전: 7.0.0 수정 버전: 7.9.0

수정 npm install react-router@7.9.0

npm / @remix-run/react

최초 영향 버전: 1.15.0 수정 버전: 2.17.1

수정 npm install @remix-run/react@2.17.1

참고

https://github.com/remix-run/react-router/security/advisories/GHSA-3cgp-3xvw-98x8 [WEB]
https://nvd.nist.gov/vuln/detail/CVE-2025-59057 [ADVISORY]
https://github.com/remix-run/react-router [PACKAGE]