373 matches found
CVE-2026-44582
Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can be vulnerable to cache poisoning in deployments that rely on shared caches with insufficient response partitioning. In affected conditions,...
CVE-2026-44576
Next.js is a React framework for building full-stack web applications. From 14.2.0 to before 15.5.16 and 16.2.5, applications using React Server Components can be vulnerable to cache poisoning when shared caches do not correctly partition response variants. Under affected conditions, an attacker...
CVE-2026-44576
CVE-2026-44576 affects Next.js (React Server Components). In affected versions 14.2.0 to before 15.5.16 and 16.2.5, shared caches that do not properly partition response variants can poison the cache by serving an RSC response from the original URL, causing subsequent visitors to receive componen...
CVE-2026-44576 Next.js: Cache poisoning in React Server Component responses
Next.js is a React framework for building full-stack web applications. From 14.2.0 to before 15.5.16 and 16.2.5, applications using React Server Components can be vulnerable to cache poisoning when shared caches do not correctly partition response variants. Under affected conditions, an attacker...
CVE-2026-44576 Next.js: Cache poisoning in React Server Component responses
Next.js is a React framework for building full-stack web applications. From 14.2.0 to before 15.5.16 and 16.2.5, applications using React Server Components can be vulnerable to cache poisoning when shared caches do not correctly partition response variants. Under affected conditions, an attacker...
CVE-2026-44576
Next.js is a React framework for building full-stack web applications. From 14.2.0 to before 15.5.16 and 16.2.5, applications using React Server Components can be vulnerable to cache poisoning when shared caches do not correctly partition response variants. Under affected conditions, an attacker...
Next.js 安全漏洞
Next.js is a React framework open source by Vercel. Versions of Next.js from 14.2.0 to 15.5.16, as well as versions before 16.2.5, have security vulnerabilities. These vulnerabilities stem from improperly partitioning response variants when using React Server Components, which can lead to cache...
NPM: Next.js vulnerable to cache poisoning via collisions in React Server Component cache-busting
NPM: Next.js vulnerable to cache poisoning via collisions in React Server Component cache-busting vulnerability discovered by ? in WordPress Npm next versions = 13.4.6, 15.5.16...
Next.js vulnerable to cache poisoning in React Server Component responses
Impact Applications using React Server Components can be vulnerable to cache poisoning when shared caches do not correctly partition response variants. Under affected conditions, an attacker can cause an RSC response to be served from the original URL and poison shared cache entries so later...
Interpretation Conflict
Overview next is a react framework. Affected versions of this package are vulnerable to Interpretation Conflict via improper handling of shared cache entries for React Server Component responses. An attacker can cause unintended component payloads to be served to other users by manipulating share...
GHSA-WFC6-R584-VFW7 Next.js vulnerable to cache poisoning in React Server Component responses
Impact Applications using React Server Components can be vulnerable to cache poisoning when shared caches do not correctly partition response variants. Under affected conditions, an attacker can cause an RSC response to be served from the original URL and poison shared cache entries so later...
NPM: Next.js vulnerable to cache poisoning in React Server Component responses
NPM: Next.js vulnerable to cache poisoning in React Server Component responses vulnerability discovered by ? in WordPress Npm next versions = 14.2.0, 15.5.16...
@vitejs/plugin-rsc has a Denial of Service Vulnerability in React Server Components
Impact @vitejs/plugin-rsc vendors react-server-dom-webpack, which contained a vulnerability in versions prior to 19.2.6. See details in React repository's advisory https://github.com/facebook/react/security/advisories/GHSA-rv78-f8rc-xrxh Patches Upgrade immediately to @vitejs/[email protected] or...
GHSA-W94C-4VHP-22GX @vitejs/plugin-rsc has a Denial of Service Vulnerability in React Server Components
Impact @vitejs/plugin-rsc vendors react-server-dom-webpack, which contained a vulnerability in versions prior to 19.2.6. See details in React repository's advisory https://github.com/facebook/react/security/advisories/GHSA-rv78-f8rc-xrxh Patches Upgrade immediately to @vitejs/[email protected] or...
GHSA-8H8Q-6873-Q5FJ Next.js Vulnerable to Denial of Service with Server Components
A vulnerability affects certain React Server Components packages for versions 19.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as CVE-2026-23870. A specially crafted HTTP request can be sent to any...
Next.js Vulnerable to Denial of Service with Server Components
A vulnerability affects certain React Server Components packages for versions 19.x and frameworks that use the affected packages, including Next.js 13.x, 14.x, 15.x, and 16.x using the App Router. The issue is tracked upstream as CVE-2026-23870. A specially crafted HTTP request can be sent to any...
NPM: Facebook React has a Denial of Service Vulnerability in React Server Components
NPM: Facebook React has a Denial of Service Vulnerability in React Server Components discovered by ? in WordPress Npm react-server-dom-webpack versions = 19.0.0, 19.0.6...
NPM: Facebook React has a Denial of Service Vulnerability in React Server Components
NPM: Facebook React has a Denial of Service Vulnerability in React Server Components discovered by ? in WordPress Npm react-server-dom-parcel versions = 19.0.0, 19.0.6...
NPM: Facebook React has a Denial of Service Vulnerability in React Server Components
NPM: Facebook React has a Denial of Service Vulnerability in React Server Components discovered by ? in WordPress Npm react-server-dom-turbopack versions = 19.0.0, 19.0.6...
GHSA-RV78-F8RC-XRXH Facebook React has a Denial of Service Vulnerability in React Server Components
Impact A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to out-of-memory exceptions or excessive CPU usage. We recommend updating immediately. The vulnerability exists in versions 19.0.0 through 19.0.5,...