129 matches found
GHSA-JM64-8M5Q-4QH8 Astro has memory exhaustion DoS due to missing request body size limit in Server Actions
Summary Astro server actions have no default request body size limit, which can lead to memory exhaustion DoS. A single large POST to a valid action endpoint can crash the server process on memory-constrained deployments. Details On-demand rendered sites built with Astro can define server actions...
CVE-2026-27729
Astro is a web framework. In versions 9.0.0 through 9.5.3, Astro server actions have no default request body size limit, which can lead to memory exhaustion DoS. A single large POST to a valid action endpoint can crash the server process on memory-constrained deployments. On-demand rendered sites...
CVE-2026-27729
Astro is a web framework. In versions 9.0.0 through 9.5.3, Astro server actions have no default request body size limit, which can lead to memory exhaustion DoS. A single large POST to a valid action endpoint can crash the server process on memory-constrained deployments. On-demand rendered sites...
CVE-2026-27729
Astro is a web framework. In versions 9.0.0 through 9.5.3, Astro server actions have no default request body size limit, which can lead to memory exhaustion DoS. A single large POST to a valid action endpoint can crash the server process on memory-constrained deployments. On-demand rendered sites...
CVE-2026-27729 Astro has memory exhaustion DoS due to missing request body size limit in Server Actions
Astro is a web framework. In versions 9.0.0 through 9.5.3, Astro server actions have no default request body size limit, which can lead to memory exhaustion DoS. A single large POST to a valid action endpoint can crash the server process on memory-constrained deployments. On-demand rendered sites...
CVE-2026-27729
CVE-2026-27729 affects Astro v9.0.0–9.5.3. The vulnerability is due to Astro server actions buffering incoming request bodies (JSON/FormData) without a size limit, enabling unauthenticated denial of service via a single oversized POST to a valid action endpoint, which can crash the server on memo...
CVE-2026-27729 Astro has memory exhaustion DoS due to missing request body size limit in Server Actions
Astro is a web framework. In versions 9.0.0 through 9.5.3, Astro server actions have no default request body size limit, which can lead to memory exhaustion DoS. A single large POST to a valid action endpoint can crash the server process on memory-constrained deployments. On-demand rendered sites...
PT-2026-21611
Name of the Vulnerable Software and Affected Versions Astro versions 9.0.0 through 9.5.3 Description Astro server actions lack a default request body size limit, potentially leading to a denial of service DoS due to memory exhaustion. A large POST request to a valid action endpoint can crash the...
Exploit for Deserialization of Untrusted Data in Facebook React
React2Shell - Preuve de Concept CVE-2025-55182 Ce projet...
RCE-Exploit-Tools
RCE Exploit Research Tools Project Overview This repository cont...
CVE-2026-22030
React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...
SUSE CVE-2026-22030
React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...
Cross-site Request Forgery
React Router is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to missing CSRF protections on document POST requests to UI routes, where server-side route action handlers or React Server Actions accept authenticated POST requests without origin validation, allowing...
CVE-2026-22030
React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...
CVE-2026-22030 React Router has CSRF issue in Action/Server Action Request Processing
React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...
CVE-2026-22030 React Router has CSRF issue in Action/Server Action Request Processing
React Router is a router for React. In @remix-run/server-runtime version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when...
PT-2026-2138
Name of the Vulnerable Software and Affected Versions react-router versions 7.0.0 through 7.11.0 @remix-run/server-runtime versions prior to 2.17.3 Description React Router, used as a router for React applications, is susceptible to Cross-Site Request Forgery CSRF attacks. This affects document...
React Router has CSRF issue in Action/Server Action Request Processing
React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when using React Server Actions in the new unstable RSC modes. !NOTE This does not impact your application if you are using Declarative...
GHSA-H5CW-625J-3RXH React Router has CSRF issue in Action/Server Action Request Processing
React Router or Remix v2 is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when using React Server Actions in the new unstable RSC modes. !NOTE This does not impact your application if you are using Declarative...
Exploit for Deserialization of Untrusted Data in Facebook React
React2Shell PoC CVE-2025-55182 A Proof-of-Concept PoC scr...