Количество 11
Количество 11
GHSA-mvjj-gqq2-p4hw
Cross-Site Scripting in react-dom
CVE-2018-6341
React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack of escaping could lead to a cross-site scripting vulnerability. This issue affected minor releases 16.0.x, 16.1.x, 16.2.x, 16.3.x, and 16.4.x. It was fixed in 16.0.1, 16.1.2, 16.2.1, 16.3.3, and 16.4.2.
GHSA-fv66-9v8q-g76r
React Server Components are Vulnerable to RCE
GHSA-925w-6v3x-g4j4
Source Code Exposure Vulnerability in React Server Components
GHSA-7gmr-mq3h-m5h9
Denial of Service Vulnerability in React Server Components
GHSA-2m3v-v2m8-q956
Denial of Service Vulnerability in React Server Components
CVE-2025-67779
It was found that the fix addressing CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attack in a specific case. React Server Components versions 19.0.2, 19.1.3 and 19.2.2 are affected, allowing unsafe deserialization of payloads from HTTP requests to Server Function endpoints. This can cause an infinite loop that hangs the server process and may prevent future HTTP requests from being served.
CVE-2025-55184
A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints, which can cause an infinite loop that hangs the server process and may prevent future HTTP requests from being served.
CVE-2025-55183
An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically crafted HTTP request sent to a vulnerable Server Function may unsafely return the source code of any Server Function. Exploitation requires the existence of a Server Function which explicitly or implicitly exposes a stringified argument.
CVE-2025-55182
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
BDU:2025-15156
Уязвимость функции requireModule() пакетов react-server-dom-webpack, react-server-dom-parcel и react-server-dom-turbopack JavaScript библиотеки построения пользовательских интерфейсов React, позволяющая нарушителю выполнить произвольный код
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-mvjj-gqq2-p4hw Cross-Site Scripting in react-dom | CVSS3: 6.1 | 13% Средний | около 7 лет назад |
 | CVE-2018-6341 React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack of escaping could lead to a cross-site scripting vulnerability. This issue affected minor releases 16.0.x, 16.1.x, 16.2.x, 16.3.x, and 16.4.x. It was fixed in 16.0.1, 16.1.2, 16.2.1, 16.3.3, and 16.4.2. | CVSS3: 6.1 | 13% Средний | около 7 лет назад |
| GHSA-fv66-9v8q-g76r React Server Components are Vulnerable to RCE | CVSS3: 10 | 57% Средний | 2 месяца назад |
| GHSA-925w-6v3x-g4j4 Source Code Exposure Vulnerability in React Server Components | CVSS3: 5.3 | 13% Средний | около 2 месяцев назад |
| GHSA-7gmr-mq3h-m5h9 Denial of Service Vulnerability in React Server Components | CVSS3: 7.5 | 0% Низкий | около 2 месяцев назад |
| GHSA-2m3v-v2m8-q956 Denial of Service Vulnerability in React Server Components | CVSS3: 7.5 | 19% Средний | около 2 месяцев назад |
| CVE-2025-67779 It was found that the fix addressing CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attack in a specific case. React Server Components versions 19.0.2, 19.1.3 and 19.2.2 are affected, allowing unsafe deserialization of payloads from HTTP requests to Server Function endpoints. This can cause an infinite loop that hangs the server process and may prevent future HTTP requests from being served. | CVSS3: 7.5 | 0% Низкий | около 2 месяцев назад |
| CVE-2025-55184 A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints, which can cause an infinite loop that hangs the server process and may prevent future HTTP requests from being served. | CVSS3: 7.5 | 19% Средний | около 2 месяцев назад |
| CVE-2025-55183 An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. A specifically crafted HTTP request sent to a vulnerable Server Function may unsafely return the source code of any Server Function. Exploitation requires the existence of a Server Function which explicitly or implicitly exposes a stringified argument. | CVSS3: 5.3 | 13% Средний | около 2 месяцев назад |
| CVE-2025-55182 A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints. | CVSS3: 10 | 57% Средний | 2 месяца назад |
 | BDU:2025-15156 Уязвимость функции requireModule() пакетов react-server-dom-webpack, react-server-dom-parcel и react-server-dom-turbopack JavaScript библиотеки построения пользовательских интерфейсов React, позволяющая нарушителю выполнить произвольный код | CVSS3: 10 | 57% Средний | 2 месяца назад |
Уязвимостей на страницу