Описание
Vite Plugin React has a Denial of Service Vulnerability in React Server Components
Impact
@vitejs/plugin-rsc vendors react-server-dom-webpack, which contained a vulnerability in versions prior to 19.2.3. See details in React repository's advisory https://github.com/facebook/react/security/advisories/GHSA-7gmr-mq3h-m5h9
Patches
Upgrade immediately to @vitejs/plugin-rsc@0.5.7 or later.
Пакеты
Наименование
@vitejs/plugin-rsc
npm
Затронутые версииВерсия исправления
<= 0.5.6
0.5.7
7.5 High
CVSS3
Дефекты
CWE-1395
CWE-400
CWE-502
7.5 High
CVSS3
Дефекты
CWE-1395
CWE-400
CWE-502