2 matches found
GHSA-FMH4-WR37-44FP React Server Components are Vulnerable to RCE
Summary @vitejs/plugin-rsc vendors react-server-dom-webpack, which contained an unauthenticated remote code execution vulnerability in versions prior to 19.0.1, 19.1.2, and 19.2.1. See details in React repository's advisory https://github.com/facebook/react/security/advisories/GHSA-fv66-9v8q-g76r...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the processing of OpenID Connect tokens. An attacker can access internal network resources and potentially obtain sensitive information by submitting specially crafted tokens that trigger unauthorize...