Affected versions of this package are vulnerable to Open Redirect via the resolvePath() function when used with navigate, <Link>, or redirect. An attacker can cause the application to redirect users to external, potentially malicious URLs by supplying crafted paths.
Note:
This is only exploitable if untrusted content is passed into navigation paths in the application code.
Remediation
Upgrade react-router to version 6.30.2, 7.9.6 or higher.