CVE-2025-43864

{"id": "CVE-2025-43864", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-04-25T01:15:43.117", "references": [{"url": "https://github.com/remix-run/react-router/blob/e6c53a0130559b4a9bd47f9cf76ea5b08a69868a/packages/react-router/lib/server-runtime/server.ts#L407", "source": "security-advisories@github.com"}, {"url": "https://github.com/remix-run/react-router/commit/c84302972a152d851cf5dd859ff332b354b70111", "source": "security-advisories@github.com"}, {"url": "https://github.com/remix-run/react-router/security/advisories/GHSA-f46r-rw29-r322", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-755"}]}], "descriptions": [{"lang": "en", "value": "React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the page. If a cache system is in place, this allows the response containing the error to be cached, resulting in a cache poisoning that strongly impacts the availability of the application. This issue has been patched in version 7.5.2."}, {"lang": "es", "value": "React Router es un enrutador para React. A partir de la versi\u00f3n 7.2.0 y anteriores a la 7.5.2, es posible forzar el cambio a modo SPA en una aplicaci\u00f3n a\u00f1adiendo un encabezado a la solicitud. Si la aplicaci\u00f3n usa SSR y se ve obligada a cambiar a modo SPA, se produce un error que corrompe completamente la p\u00e1gina. Si existe un sistema de cach\u00e9, la respuesta con el error se almacena en cach\u00e9, lo que provoca un envenenamiento de cach\u00e9 que afecta gravemente la disponibilidad de la aplicaci\u00f3n. Este problema se ha corregido en la versi\u00f3n 7.5.2."}], "lastModified": "2025-04-29T13:52:28.490", "sourceIdentifier": "security-advisories@github.com"}