VYPR

Redwoodsdk

by Redwoodjs

Source repositories

CVEs (4)

  • CVE-2026-39371 | High | Apr 7, 2026
    risk 0.46 | cvss 8.1 | epss 0.00

    RedwoodSDK is a server-first React framework. From 1.0.0-beta.50 to 1.0.5, server functions exported from "use server" files could be invoked via GET requests, bypassing their intended HTTP method. In cookie-authenticated applications, this allowed cross-site GET navigations to…

  • CVE-2026-42190 | Medium | May 8, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    RedwoodSDK is a server-first React framework. From version 1.0.0-beta.50 to before version 1.2.3, server actions in rwsdk apply HTTP method enforcement but no origin validation. A request originating from a different origin that the browser treats as same-site can invoke a…

  • CVE-2021-26710 | Feb 5, 2021
    risk 0.02 | cvss | epss 0.07

    A cross-site scripting (XSS) issue in the login panel in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to inject JavaScript via the signIn.do urll parameter.

  • CVE-2021-26711 | Feb 5, 2021
    risk 0.00 | cvss | epss 0.02

    A frame-injection issue in the online help in Redwood Report2Web 4.3.4.5 allows remote attackers to render an external resource inside a frame via the help/Online_Help/NetHelp/default.htm turl parameter.