CVE-2025-67779
- EPSS 0.08%
- Veröffentlicht 11.12.2025 23:36:20
- Zuletzt bearbeitet 12.12.2025 19:16:03
It was found that the fix addressing CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attack in a specific case. React Server Components versions 19.0.2, 19.1.3 and 19.2.2 are affected, allowing unsafe...
CVE-2025-55183
- EPSS 11.38%
- Veröffentlicht 11.12.2025 20:16:00
- Zuletzt bearbeitet 12.12.2025 18:18:19
An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, a...
CVE-2025-55184
- EPSS 19.23%
- Veröffentlicht 11.12.2025 20:16:00
- Zuletzt bearbeitet 15.12.2025 17:15:53
A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react...
- EPSS 56.68%
- Veröffentlicht 03.12.2025 15:40:56
- Zuletzt bearbeitet 10.12.2025 02:00:02
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack...
CVE-2018-6341
- EPSS 13.18%
- Veröffentlicht 31.12.2018 22:29:00
- Zuletzt bearbeitet 06.05.2025 17:15:51
React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack of escaping could lead to a cross-site scripting vulnerability. This issue affected minor releases 16.0.x...