@react-router/dev@7.1.3-pre.0 vulnerabilities

Dev tools and CLI for React Router

  • latest version

    7.5.3

  • latest non vulnerable version

  • first published

    1 year ago

  • latest version published

    7 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the @react-router/dev package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • H
    Insufficient Verification of Data Authenticity

    @react-router/dev provides dev tools and a CLI for React Router.

    Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity through the X-React-Router-Prerender-Data header. An attacker can manipulate the pre-rendered data by injecting a malicious JSON object into this header, potentially leading to data spoofing and cache poisoning.

    Note:

    This is only exploitable if the application is running in Framework mode (the default configuration), has a caching system in place, and the target page uses a loader.

    How to fix Insufficient Verification of Data Authenticity?

    Upgrade @react-router/dev to version 7.5.2 or higher.

    Vulnerable versions: >=7.0.0 <7.5.2