React-Router : Pre-render data spoofing + CPDoS (no research paper)
Published in zhero_web_security, 2025
Security advisories
- CVE-2025-43865 : Pre-render data spoofing on React-Router framework mode (8.2 - high)
- CVE-2025-43864 : DoS via cache poisoning by forcing SPA mode (7.5 - high)
A little more here.
Research conducted by zhero; & inzo_
Published in April 2025