@react-router/dev@7.3.0-pre.1 vulnerabilities

Dev tools and CLI for React Router

  • latest version

    7.5.3

  • latest non vulnerable version

  • first published

    1 year ago

  • latest version published

    7 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the @react-router/dev package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • H
    Insufficient Verification of Data Authenticity

    @react-router/dev provides the dev tools and CLI for React Router.

    Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity through the X-React-Router-Prerender-Data header. An attacker can manipulate the pre-rendered data by injecting a malicious JSON object into this header, potentially leading to data spoofing and cache poisoning.

    Note:

    This is only exploitable if all of the following hold: the application is running in Framework mode (the default configuration), it has a caching system in place, and the target page uses a loader.

    How to fix Insufficient Verification of Data Authenticity?

    Upgrade @react-router/dev to version 7.5.2 or higher.

    Vulnerable versions: >=7.0.0 <7.5.2
    • H
    Improper Handling of Exceptional Conditions

    Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions via the X-React-Router-SPA-Mode header. An attacker can disrupt the availability of the application by sending a crafted request that forces the server to switch to SPA mode, leading to an error that corrupts the page content.

    Note:

    This is only exploitable if all of the following hold: the application is running in Framework mode (the default configuration), it has a caching system in place, and the target page uses a loader.

    How to fix Improper Handling of Exceptional Conditions?

    Upgrade @react-router/dev to version 7.5.2 or higher.

    Vulnerable versions: >=7.2.0 <7.5.2