2 matches found
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the turbo-stream component in in Framework Mode. An attacker can execute arbitrary code on the remote server by sending specially crafted external requests that exploit an existing prototype polluti...
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect via the resolvePath function when used with navigate, , or redirect. An attacker can cause the application to redirect users to external, potentially malicious URLs by supplying crafted paths. Note: This is only exploitabl...