2 matches found
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF due to the improper origin checks of UI route submissions in server-side route action handlers in Framework Mode. An attacker can execute unauthorized actions by tricking a user into submitting a crafted...
PT-2025-17867
Name of the Vulnerable Software and Affected Versions React Router versions 7.2.0 through 7.5.2 Description The issue allows an attacker to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an erro...