6 matches found
CVE-2026-42342
A flaw was found in React Router and @remix-run/server-runtime. A remote attacker can exploit this vulnerability by sending certain crafted requests to the manifest endpoint. This can lead to unbounded path expansion, consuming disproportionate server resources. The primary consequence is a denia...
EUVD-2026-34000
React Router vulnerable to DoS via unbounded path expansion in manifest endpoint...
GHSA-8X6R-G9MW-2R78 React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint
There exists a potential DOS attack vector in React Router Framework Mode applications as well as Remix v2.10.0 - 2.17.4. Certain requests can be crafted to consume disproportionate resources on the server, resulting in response time degredation and/or service unavailability for end users. !NOTE...
CVE-2026-42342 React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint
React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certain crafted requests can consume disproportionate server resources via unbounded path expansion in the manifest endpoint, resulting in response...
CVE-2026-42342 React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint
React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certain crafted requests can consume disproportionate server resources via unbounded path expansion in the manifest endpoint, resulting in response...
CVE-2026-42342
CVE-2026-42342 affects React Router and Remix Server Runtime: versions 7.0.0–7.14.x of react-router and 2.10.0–2.17.4 of @remix-run/server-runtime are vulnerable to DoS via unbounded path expansion on the __manifest endpoint, causing high resource usage and potential unavailability for Framework ...