React 安全漏洞

React is a JavaScript library developed by Meta for building user interfaces. There is a security vulnerability in React, which stems from excessive CPU usage when handling specially crafted HTTP requests, potentially leading to denial of service attacks. The following versions are affected:...

EUVD-2026-4673

React Server Components have multiple Denial of Service Vulnerabilities...

Security Bulletin: React Server Components RCE (CVE-2025-55182) and related advisories

Summary React Server Components RCE vulnerability. Carbon React and related Carbon React based libraries are not related to this CVE. However, many product teams may depend on the affected libraries via frameworks or plugins. We strongly encourage all teams to verify and upgrade any affected...

Denial of Service Vulnerability in React Server Components

Impact There is a denial of service vulnerability in React Server Components. React recommends updating immediately. The vulnerability exists in versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1 of: - react-server-dom-webpack - react-server-dom-parcel - react-server-dom-turbopack...

@cedarjs/api-server (>=1.0.0-canary.12863 <=3.0.0-canary.13332), @cedarjs/cli (>=1.0.0-canary.12863 <=3.0.0-canary.13332) +10 more potentially affected by CVE-2025-55183 +1 more via react-server-dom-webpack (>=19.2.1 <=19.2.3)

react-server-dom-webpack NPM version =19.2.1, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863, =1.0.0-canary.12863,...

CVE-2025-55183

An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically...

CVE-2025-55183

An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically...

Exploit for CVE-2025-55182

CVE-2025-55182 - React Server Components RCE Exploit Python C...

@amazeelabs/bridge-waku (>=1.1.9 <=2.0.1), @amazeelabs/executors (>=3.1.12 <=3.1.14) +8 more potentially affected by CVE-2025-55182 via react-server-dom-webpack (=19.0.0)

react-server-dom-webpack NPM version =19.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on react-server-dom-webpack and may be impacted: - @amazeelabs/bridge-waku =1.1.9, =3.1.12, =1.4.7, =1.1.3, =0.0.0-next-20250108080920, =0.0.0-next-20250108080920...