Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/%40remix-run/node@0.0.0-experimental-d322757af
Typenpm
Namespace@remix-run
Namenode
Version0.0.0-experimental-d322757af
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.17.2
Latest_non_vulnerable_version2.17.2
Affected_by_vulnerabilities
0
url VCID-ju3j-c81d-fubs
vulnerability_id VCID-ju3j-c81d-fubs
summary 
React Router has Path Traversal in File Session Storage
If applications use `createFileSessionStorage()` from `@react-router/node` (or `@remix-run/node`/`@remix-run/deno` in Remix v2) with an [**unsigned cookie**](https://reactrouter.com/explanation/sessions-and-cookies#signing-cookies), it is possible for an attacker to cause the session to try to read/write from a location outside the specified session file directory. The success of the attack would depend on the permissions of the web server process to access those files.

Read files cannot be returned directly to the attacker.  Session file reads would only succeed if the file matched the expected session file format. If the file matched the session file format, the data would be populated into the server side session but not directly returned to the attacker unless the application logic returned specific session information.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61686.json
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61686.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61686
reference_id
reference_type
scores
0
value 0.00032
scoring_system epss
scoring_elements 0.09843
published_at 2026-06-05T12:55:00Z
1
value 0.00036
scoring_system epss
scoring_elements 0.10997
published_at 2026-06-08T12:55:00Z
2
value 0.00036
scoring_system epss
scoring_elements 0.11079
published_at 2026-06-07T12:55:00Z
3
value 0.00036
scoring_system epss
scoring_elements 0.11114
published_at 2026-06-06T12:55:00Z
4
value 0.00043
scoring_system epss
scoring_elements 0.13404
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61686
2
reference_url https://github.com/remix-run/react-router
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/remix-run/react-router
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2428423
reference_id 2428423
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2428423
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61686
reference_id CVE-2025-61686
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-61686
5
reference_url https://github.com/advisories/GHSA-9583-h5hc-x8cw
reference_id GHSA-9583-h5hc-x8cw
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9583-h5hc-x8cw
6
reference_url https://github.com/remix-run/react-router/security/advisories/GHSA-9583-h5hc-x8cw
reference_id GHSA-9583-h5hc-x8cw
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-12T13:58:36Z/
url https://github.com/remix-run/react-router/security/advisories/GHSA-9583-h5hc-x8cw
fixed_packages
0
url pkg:npm/%40remix-run/node@2.17.2
purl pkg:npm/%40remix-run/node@2.17.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540remix-run/node@2.17.2
aliases CVE-2025-61686, GHSA-9583-h5hc-x8cw
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ju3j-c81d-fubs
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/%2540remix-run/node@0.0.0-experimental-d322757af