Skip to main content

Remix Run Deno

1 CVEs product

Monthly

CVE-2025-61686 npm CRITICAL PATCH Act Now

React Router (@react-router/node 7.0.0-7.9.3) has a path traversal in file-based session storage when using unsigned cookies. Attackers can manipulate session file paths to read or write arbitrary files on the server.

Path Traversal React Router Node Remix Run Deno Remix Run Node
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

React Router (@react-router/node 7.0.0-7.9.3) has a path traversal in file-based session storage when using unsigned cookies. Attackers can manipulate session file paths to read or write arbitrary files on the server.

Path Traversal React Router Node Remix Run Deno +1
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy