EUVD-2025-11980

Malicious code in bioql PyPI...

CVE-2025-43864 React Router allows a DoS via cache poisoning by forcing SPA mode

React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the...

CVE-2025-43864

CVE-2025-43864: React Router (versions 7.2.0–7.5.1) allows forcing SPA mode by a request header, which on SSR apps can trigger a page-corrupting error. If a cache stores the error response, this enables cache poisoning and degrades availability. Patch: upgrade to React Router 7.5.2 (or later).

CVE-2025-43864 React Router allows a DoS via cache poisoning by forcing SPA mode

React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the...

react-router 安全漏洞

react-router is a declarative routing for React open-sourced by Remix. A security vulnerability exists in react-router versions prior to 7.2.0 through 7.5.2, which stems from potentially forcing an application to switch to SPA mode by adding a request header, which could lead to cache poisoning...

PT-2025-17867

Name of the Vulnerable Software and Affected Versions React Router versions 7.2.0 through 7.5.2 Description The issue allows an attacker to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an erro...