js · react-routerHeads-up
react-router v7 Framework Mode Insufficient CSRF Checks on PUT/PATCH/DELETE
CSRF checks in React Router v7 Framework Mode were insufficient on PUT/PATCH/DELETE requests, allowing bypass.
What changed
CSRF checks in React Router v7 Framework Mode were insufficient on PUT/PATCH/DELETE requests, allowing bypass.
Who it affects
Applications using React Router v7 in Framework Mode.
What to do today
Review your React Router v7 Framework Mode usage and apply the security patch if available.
The trail
Collected→
Audited→
Written→
Published