CNNVD-202601-1763 Information
Jan 10, 2026
cve
CNNVD ID
CNNVD-202601-1763
Related CVE
- CNNVD Published: 2026-01-10
Description (Chinese)
react-router是Remix开源的一个 React 的声明式路由。 react-router 7.0.0版本至7.8.2版本存在跨站脚本漏洞,该漏洞源于在框架模式下生成script:ld+json标签时存在跨站脚本漏洞,可能导致服务器端渲染期间执行任意JavaScript。
Description (English)
React-router is a react path for Remix open source. React-router versions 7.0.0 to 7.8.2 have a cross-site script loophole, which stems from the existence of a cross-site script loophole when creating the script:ld+json label in frame mode, which may result in the implementation of any JavaScript during server rendering.
Hazard Level
Medium
Vulnerability Type
跨站脚本
Affected Vendor
Remix
Published
2026-01-10
Last Modified
2026-02-24
References
https://github.com/remix-run/react-router/security/advisories/GHSA-3cgp-3xvw-98x8
Patch
https://github.com/remix-run/react-router/releases
Share on: