HIGH 8.0

GHSA-8646-j5j9-6r62

React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets

상세

When using React Router v7's unstable RSC APIs, there exists a potential client-side XSS issue in the RSC redirect handling if redirects are coming from untrusted sources

> [!NOTE] > This only impacts your application if you are using the unstable RSC APIs in React Router.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

npm / react-router

최초 영향 버전: 7.7.0 수정 버전: 7.13.2

수정 npm install react-router@7.13.2

참고

https://github.com/remix-run/react-router/security/advisories/GHSA-8646-j5j9-6r62 [WEB]
https://nvd.nist.gov/vuln/detail/CVE-2026-33245 [ADVISORY]
https://github.com/remix-run/react-router [PACKAGE]