From a93fe2625eccfbba78a0fcd34d97f62aaec38df2 Mon Sep 17 00:00:00 2001 From: Alon Ohana Date: Wed, 17 Jun 2026 16:26:14 +0300 Subject: [PATCH 1/2] Improve GHSA-2j2x-hqr9-3h42 --- .../GHSA-2j2x-hqr9-3h42.json | 35 ++++++------------- 1 file changed, 10 insertions(+), 25 deletions(-) diff --git a/advisories/github-reviewed/2026/06/GHSA-2j2x-hqr9-3h42/GHSA-2j2x-hqr9-3h42.json b/advisories/github-reviewed/2026/06/GHSA-2j2x-hqr9-3h42/GHSA-2j2x-hqr9-3h42.json index b44c80edd4448..08699c386e369 100644 --- a/advisories/github-reviewed/2026/06/GHSA-2j2x-hqr9-3h42/GHSA-2j2x-hqr9-3h42.json +++ b/advisories/github-reviewed/2026/06/GHSA-2j2x-hqr9-3h42/GHSA-2j2x-hqr9-3h42.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-2j2x-hqr9-3h42", - "modified": "2026-06-03T20:58:01Z", + "modified": "2026-06-03T20:58:02Z", "published": "2026-06-03T20:58:01Z", "aliases": [ "CVE-2026-40181" @@ -11,43 +11,24 @@ "severity": [ { "type": "CVSS_V4", - "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N" } ], "affected": [ { "package": { "ecosystem": "npm", - "name": "react-router" + "name": "router" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { - "introduced": "7.0.0" + "introduced": "0" }, { - "fixed": "7.14.1" - } - ] - } - ] - }, - { - "package": { - "ecosystem": "npm", - "name": "react-router" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "6.7.0" - }, - { - "fixed": "6.30.4" + "fixed": "1.23.3" } ] } @@ -63,6 +44,10 @@ "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40181" }, + { + "type": "WEB", + "url": "https://github.com/remix-run/react-router/commit/d77f6b1db8202e2160098432df349dbed118c948" + }, { "type": "PACKAGE", "url": "https://github.com/remix-run/react-router" @@ -72,7 +57,7 @@ "cwe_ids": [ "CWE-601" ], - "severity": "MODERATE", + "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2026-06-03T20:58:01Z", "nvd_published_at": "2026-06-02T20:16:35Z" From 634fcc88d658067093a476455b401b8ab5fe252f Mon Sep 17 00:00:00 2001 From: Alon Ohana Date: Wed, 17 Jun 2026 16:29:18 +0300 Subject: [PATCH 2/2] Improve GHSA-2j2x-hqr9-3h42 --- .../2026/06/GHSA-2j2x-hqr9-3h42/GHSA-2j2x-hqr9-3h42.json | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/advisories/github-reviewed/2026/06/GHSA-2j2x-hqr9-3h42/GHSA-2j2x-hqr9-3h42.json b/advisories/github-reviewed/2026/06/GHSA-2j2x-hqr9-3h42/GHSA-2j2x-hqr9-3h42.json index 08699c386e369..b14a7ee9bc9b2 100644 --- a/advisories/github-reviewed/2026/06/GHSA-2j2x-hqr9-3h42/GHSA-2j2x-hqr9-3h42.json +++ b/advisories/github-reviewed/2026/06/GHSA-2j2x-hqr9-3h42/GHSA-2j2x-hqr9-3h42.json @@ -11,7 +11,7 @@ "severity": [ { "type": "CVSS_V4", - "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N" + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" } ], "affected": [ @@ -44,10 +44,6 @@ "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40181" }, - { - "type": "WEB", - "url": "https://github.com/remix-run/react-router/commit/d77f6b1db8202e2160098432df349dbed118c948" - }, { "type": "PACKAGE", "url": "https://github.com/remix-run/react-router" @@ -57,7 +53,7 @@ "cwe_ids": [ "CWE-601" ], - "severity": "LOW", + "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2026-06-03T20:58:01Z", "nvd_published_at": "2026-06-02T20:16:35Z"