6 matches found
Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale and the Management GUI are now included (CVE-2025-48050, CVE-2025-43865 and CVE-2025-43864)
Summary The following vulnerabilities that can affect IBM Storage Scale and the Management GUI and could provide weaker than expected security are now fixed CVE-2025-48050, CVE-2025-43865 and CVE-2025-43864. Vulnerability Details CVEID:CVE-2025-48050 DESCRIPTION: In DOMPurify through 3.2.5 before...
CVE-2025-43864
A flaw was found in the React Router. This vulnerability allows an attacker to trigger a rendering error via a crafted X-React-Router-SPA-Mode header, which can result in cache poisoning. If a caching system is in place, the corrupted error response may be cached and served to subsequent users,...
CVE-2025-43864 React Router allows a DoS via cache poisoning by forcing SPA mode
React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the...
CVE-2025-43864 React Router allows a DoS via cache poisoning by forcing SPA mode
React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the...
CVE-2025-43864 React Router allows a DoS via cache poisoning by forcing SPA mode
React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the...
CVE-2025-43864
CVE-2025-43864: React Router (versions 7.2.0–7.5.1) allows forcing SPA mode by a request header, which on SSR apps can trigger a page-corrupting error. If a cache stores the error response, this enables cache poisoning and degrades availability. Patch: upgrade to React Router 7.5.2 (or later).