X4Cc3

#16128 of 53,633
16.7 Total CVSS
Vulnerabilities · 2
High
2
PT-2026-45826
8.0
2026-06-02
Unknown · React Router · CVE-2026-33245
**Name of the Vulnerable Software and Affected Versions**
React Router versions 7.7.0 through 7.13.1

**Description**
A client-side Cross-Site Scripting (XSS) issue exists in the redirect handling of the unstable React Server Components (RSC) APIs. This occurs when redirects originate from untrusted sources. This issue only affects applications utilizing the unstable RSC APIs.

**Recommendations**
Update to version 7.13.2. As a temporary mitigation, avoid using the unstable RSC APIs if redirects from untrusted sources cannot be validated.

PT-2026-26200
8.7
2026-03-18
Socket.Io · Socket.Io · CVE-2026-33151
**Name of the Vulnerable Software and Affected Versions**
Socket.IO versions prior to 3.3.5
Socket.IO versions 3.3.5 through 3.4.4
Socket.IO versions 4.0.0 through 4.2.6

**Description**
Socket.IO is a real-time, bidirectional, event-based communication framework. A specially crafted Socket.IO packet can cause the server to wait for and buffer a large number of binary attachments, potentially leading to server memory exhaustion.

**Recommendations**
Versions prior to 3.3.5: Upgrade to version 3.3.5 or later.
Versions 3.3.5 through 3.4.4: Upgrade to version 3.4.4 or later.
Versions 4.0.0 through 4.2.6: Upgrade to version 4.2.6 or later.