Allocation of Resources Without Limits or Throttling

Overview react-server-dom-turbopack is a React Server Components bindings for DOM using Turbopack. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or...

React 安全漏洞

React is a JavaScript library developed by Meta for building user interfaces. There is a security vulnerability in React, which stems from excessive CPU usage when handling specially crafted HTTP requests, potentially leading to denial of service attacks. The following versions are affected:...

React Server Components have multiple Denial of Service Vulnerabilities

Impact It was found that the fixes to address DoS in React Server Components were incomplete and we found multiple denial of service vulnerabilities still exist in React Server Components. We recommend updating immediately. The vulnerability exists in versions 19.0.0, 19.0.1, 19.0.2, 19.0.3,...

EUVD-2026-4673

React Server Components have multiple Denial of Service Vulnerabilities...

Security Bulletin: React Server Components RCE (CVE-2025-55182) and related advisories

Summary React Server Components RCE vulnerability. Carbon React and related Carbon React based libraries are not related to this CVE. However, many product teams may depend on the affected libraries via frameworks or plugins. We strongly encourage all teams to verify and upgrade any affected...

Deserialization of Untrusted Data

Overview react-server-dom-turbopack is a React Server Components bindings for DOM using Turbopack. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to unsaf...

Denial of Service Vulnerability in React Server Components

Impact There is a denial of service vulnerability in React Server Components. React recommends updating immediately. The vulnerability exists in versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1 of: - react-server-dom-webpack - react-server-dom-parcel - react-server-dom-turbopack...

CVE-2025-55183

An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically...

CVE-2025-55183

An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically...