GHSA-rxv8-25v2-qmq8
React Router vulnerable to Denial of Service via reflected user input in single-fetch
상세
A DoS vulnerability exists in the React Router v7 [Framework Mode](https://reactrouter.com/start/modes#framework), as well as Remix v2.9.0+ with [Single Fetch](https://v2.remix.run/docs/guides/single-fetch) enabled. In some scenarios the underlying serialization algorithm can become a bottleneck when encoding specific types of data into server responses. Please upgrade to React Router v7.14.0 or later.
> [!NOTE] > This does not impact your React Router application if you are using [Declarative Mode](https://reactrouter.com/start/modes#declarative) (`<BrowserRouter>`) or [Data Mode](https://reactrouter.com/start/modes#data) (`createBrowserRouter`/`<RouterProvider>`).
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
참고
- https://github.com/remix-run/react-router/security/advisories/GHSA-rxv8-25v2-qmq8 [WEB]
- https://nvd.nist.gov/vuln/detail/CVE-2026-34077 [ADVISORY]
- https://github.com/remix-run/react-router/commit/59811921d3c7d599077b8cadccdcd65a233165e0 [WEB]
- https://github.com/jacob-ebey/turbo-stream/blob/v2.4.1/src/flatten.ts#L175-L177 [WEB]
- https://github.com/jacob-ebey/turbo-stream/blob/v2.4.1/src/unflatten.ts#L185-L189 [WEB]
- https://github.com/remix-run/react-router [PACKAGE]