[ignore] testing for now #16374
| private _patchCreateRequestHandler(): (original: typeof reactRouter.createRequestHandler) => any { | ||
| return function sentryWrappedCreateRequestHandler(this: unknown, ...args: unknown[]) { | ||
| // eslint-disable-next-line @typescript-eslint/ban-ts-comment | ||
| // @ts-ignore not sure why original isn't found here? |
Risk: Affected versions of react-router are vulnerable to Insufficient Verification of Data Authenticity. A vulnerability in React Router's Framework mode allows an attacker to spoof pre-rendered loader data by providing a crafted JSON payload via the X-React-Router-Prerender-Data header. This manipulation can poison cached responses and lead to unintended page modifications, including potential XSS attacks.
Fix: Upgrade this library to at least version 7.5.2 at sentry-javascript/yarn.lock:24603.
Reference(s): GHSA-cpj6-fhp6-mr6j, CVE-2025-43865
💬 To ignore this, reply with:
• /fp <comment> for false positive
• /ar <comment> for acceptable risk
• /other <comment> for all other reasons
Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by ssc-beb7e482-8f90-9d54-a2cb-68c86458077b.
| } | ||
| private _patchCreateRequestHandler(): (original: typeof reactRouter.createRequestHandler) => any { | ||
| return function sentryWrappedCreateRequestHandler(this: unknown, ...args: unknown[]) { | ||
| // eslint-disable-next-line @typescript-eslint/ban-ts-comment |
Risk: Affected versions of react-router are vulnerable to Insufficient Verification of Data Authenticity. A vulnerability in React Router's Framework mode allows an attacker to spoof pre-rendered loader data by providing a crafted JSON payload via the X-React-Router-Prerender-Data header. This manipulation can poison cached responses and lead to unintended page modifications, including potential XSS attacks.
Fix: Upgrade this library to at least version 7.5.2 at sentry-javascript/yarn.lock:24603.
Reference(s): GHSA-cpj6-fhp6-mr6j, CVE-2025-43865
💬 To ignore this, reply with:
• /fp <comment> for false positive
• /ar <comment> for acceptable risk
• /other <comment> for all other reasons
Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by ssc-beb7e482-8f90-9d54-a2cb-68c86458077b.
| return function sentryWrappedCreateRequestHandler(this: unknown, ...args: unknown[]) { | ||
| // eslint-disable-next-line @typescript-eslint/ban-ts-comment | ||
| // @ts-ignore not sure why original isn't found here? | ||
| const originalRequestHandler = (original as typeof reactRouter.createRequestHandler).apply(this, args); |
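Review bot: `original` on the `const originalRequestHandler` line is not bound by anything in these lines. The method is declared to return `(original: typeof reactRouter.createRequestHandler) => any`, but the function it returns directly is `sentryWrappedCreateRequestHandler(this: unknown, ...args: unknown[])`, which has no `original` parameter. As far as the visible code shows, the `@ts-ignore` is hiding an unresolved name rather than a typing quirk, and the call would fail at runtime. Suggest returning a function that accepts `original` and itself returns `sentryWrappedCreateRequestHandler`, then removing the `@ts-ignore` and the `eslint-disable-next-line` above it so the compiler checks the wrapper.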
Risk: Affected versions of react-router are vulnerable to Insufficient Verification of Data Authenticity. A vulnerability in React Router's Framework mode allows an attacker to spoof pre-rendered loader data by providing a crafted JSON payload via the X-React-Router-Prerender-Data header. This manipulation can poison cached responses and lead to unintended page modifications, including potential XSS attacks.
Fix: Upgrade this library to at least version 7.5.2 at sentry-javascript/yarn.lock:24603.
Reference(s): GHSA-cpj6-fhp6-mr6j, CVE-2025-43865
💬 To ignore this, reply with:
• /fp <comment> for false positive
• /ar <comment> for acceptable risk
• /other <comment> for all other reasons
Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by ssc-beb7e482-8f90-9d54-a2cb-68c86458077b.
nope...

actually gonna test something else

no luck, closing for today
esm was a mistake
esm was a mistake
esm was a mistake
esm was a mistake
esm was a mistake