react-router 跨站请求伪造漏洞

react-router is a Remix open source declarative routing for React. A cross-site request forgery vulnerability exists in react-router version 7.11.0 and earlier, which stems from the vulnerability to a cross-site request forgery attack against document POST requests when using a server-side route...

CVE-2024-46982

Next.js is a React framework for building full-stack web applications. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router this does not affect the app router. When this crafted request is sent it could coerce Next....