278 matches found
Node.js React Server Components Denial of Service and Source Code Exposure (CVE-2025-55183, CVE-2025-55184)
Multiple Node.js React Server Components packages are affected by denial of service and source code exposure vulnerabilities. The following Node.js packages and versions are affected: - react-server-dom-webpack 19.0.0, 19.0.1, 19.1.0, 19.1.1, 19.1.2, 19.2.0, 19.2.1 - react-server-dom-parcel 19.0....
CVE-2025-67779
It was found that the fix addressing CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attack in a specific case. React Server Components versions 19.0.2, 19.1.3 and 19.2.2 are affected, allowing unsafe deserialization of payloads from HTTP requests...
CVE-2025-67779
It was found that the fix addressing CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attack in a specific case. React Server Components versions 19.0.2, 19.1.3 and 19.2.2 are affected, allowing unsafe deserialization of payloads from HTTP requests...
EUVD-2025-202877
Denial of Service Vulnerability in React Server Components...
Deserialization of Untrusted Data
Overview next is a react framework. Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to unsafe deserialization of payloads from HTTP requests to Server Function endpoints. An attacker can cause the server process to enter an infinite loop and hang,...
Deserialization of Untrusted Data
Overview react-server-dom-parcel is a React Server Components bindings for DOM using Parcel. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to unsafe...
GHSA-2M3V-V2M8-Q956 Denial of Service Vulnerability in React Server Components
Impact There is a denial of service vulnerability in React Server Components. React recommends updating immediately. The vulnerability exists in versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1 of: - react-server-dom-webpack - react-server-dom-parcel - react-server-dom-turbopack...
Denial of Service Vulnerability in React Server Components
Impact There is a denial of service vulnerability in React Server Components. React recommends updating immediately. The vulnerability exists in versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1 of: - react-server-dom-webpack - react-server-dom-parcel - react-server-dom-turbopack...
EUVD-2025-202879
Source Code Exposure Vulnerability in React Server Components...
GHSA-925W-6V3X-G4J4 Source Code Exposure Vulnerability in React Server Components
Impact There is a source code exposure vulnerability in React Server Components. React recommends updating immediately. The vulnerability exists in versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1 of: - react-server-dom-webpack - react-server-dom-parcel - react-server-dom-turbopa...
Source Code Exposure Vulnerability in React Server Components
Impact There is a source code exposure vulnerability in React Server Components. React recommends updating immediately. The vulnerability exists in versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1 of: - react-server-dom-webpack - react-server-dom-parcel - react-server-dom-turbopa...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview react-server-dom-webpack is a React Server Components bindings for DOM using Webpack. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview @vitejs/plugin-rsc is a React Server Components RSC support for Vite. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere. An attacker can access the source code of any Server Function by sending a malicious HTTP...
Chain Reaction: Attack Campaign Activity in the Aftermath of React Server Components Vulnerability
Introduction and Vulnerability Overview Earlier this month, Imperva published an initial advisory outlining how our customers were protected against the newly disclosed React2Shell vulnerability impacting React Server Components RSC. That post focused on the essentials: a critical flaw arising fr...
CVE-2025-55183
An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically...
CVE-2025-55184
A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafe...
CVE-2025-55183
An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically...
CVE-2025-55184
A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafe...
CVE-2025-55184
A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafe...
CVE-2025-55183
An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically...