2 matches found
Arbitrary Code Injection
Overview @vitejs/plugin-rsc is a React Server Components RSC support for Vite. Affected versions of this package are vulnerable to Arbitrary Code Injection via unsafe dynamic imports in the loadServerAction, decodeReply, and decodeAction server APIs. An attacker can execute arbitrary JavaScript...
PT-2025-42899
Name of the Vulnerable Software and Affected Versions astral-tokio-tar versions prior to 0.5.6 async-tar versions prior to 0.5.6 tokio-tar versions prior to 0.5.6 Description astral-tokio-tar, async-tar, and tokio-tar are vulnerable to a boundary parsing issue due to inconsistent handling of...