GHSA-8646-j5j9-6r62HighCVSS 8.0
React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets
🔗 CVE IDs covered (1)
📋 Description
When using React Router v7's unstable RSC APIs, there exists a potential client-side XSS issue in the RSC redirect handling if redirects are coming from untrusted sources
[!NOTE] This only impacts your application if you are using the unstable RSC APIs in React Router.
🎯 Affected products1
- npm/react-router:>= 7.7.0, < 7.13.2