@remix-run/react 2.8.1 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the @remix-run/react package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) @remix-run/react is a React DOM bindings for Remix Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the ScrollRestoration API when using the `getKey` or `storageKey` props during server-side rendering in Framework Mode. An attacker can execute arbitrary JavaScript code by supplying untrusted content to generate the keys. This is only exploitable if server-side rendering is enabled in Framework Mode and untrusted input is used for key generation. Note: This issue does not impact applications using Declarative Mode `<BrowserRouter>` or Data Mode `createBrowserRouter/<RouterProvider>` and server-side rendering in Framework Mode is disabled. How to fix Cross-site Scripting (XSS)? Upgrade `@remix-run/react` to version 2.17.3 or higher.	<2.17.3
M Cross-site Scripting (XSS) @remix-run/react is a React DOM bindings for Remix Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Meta API in Framework Mode when generating `script:ld+json` tags during server-side rendering with untrusted content. An attacker can execute arbitrary JavaScript code by injecting malicious input into the metadata generation process. Note: This issue does not impact applications using Declarative Mode `<BrowserRouter>` or Data Mode `createBrowserRouter/<RouterProvider>`. How to fix Cross-site Scripting (XSS)? Upgrade `@remix-run/react` to version 2.17.1 or higher.	>=1.15.0 <2.17.1

Vulnerability

Vulnerable Version

Cross-site Scripting (XSS)

@remix-run/react is a React DOM bindings for Remix

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the ScrollRestoration API when using the getKey or storageKey props during server-side rendering in Framework Mode. An attacker can execute arbitrary JavaScript code by supplying untrusted content to generate the keys. This is only exploitable if server-side rendering is enabled in Framework Mode and untrusted input is used for key generation.

Note:

This issue does not impact applications using Declarative Mode <BrowserRouter> or Data Mode createBrowserRouter/<RouterProvider> and server-side rendering in Framework Mode is disabled.

How to fix Cross-site Scripting (XSS)?

Upgrade @remix-run/react to version 2.17.3 or higher.

<2.17.3

Cross-site Scripting (XSS)

@remix-run/react is a React DOM bindings for Remix

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Meta API in Framework Mode when generating script:ld+json tags during server-side rendering with untrusted content. An attacker can execute arbitrary JavaScript code by injecting malicious input into the metadata generation process.

Note:

This issue does not impact applications using Declarative Mode <BrowserRouter> or Data Mode createBrowserRouter/<RouterProvider>.

How to fix Cross-site Scripting (XSS)?

Upgrade @remix-run/react to version 2.17.1 or higher.

>=1.15.0 <2.17.1

@remix-run/react@2.8.1 vulnerabilities

React DOM bindings for Remix

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically