Description
Withdrawn Advisory: LikeC4 has RCE through vulnerable React and Next.js versions
Withdrawn Advisory
This advisory has been withdrawn: LikeC4 isn't impacted by CVE-2025-55182 because it doesn't ship React. React is a peer dependency.
Original Description
LikeC4 uses React and Next.js, which contain known RCE vulnerabilities, as seen in CVE-2025-55182.
[2025-12-15] Edit: the last fixes published by React were not thorough; a new set of fix releases completes the mitigation. See https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components
Packages
Name: likec4 (npm)
Affected versions: <= 1.46.1
Fixed version: None
CVSS3: 10 Critical
Weaknesses: CWE-502