Home
HIGH: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HDefault status
unaffected
19.0.0 (semver)
affected
19.1.0 (semver)
affected
19.2.0 (semver)
affected
Default status
unaffected
19.0.0 (semver)
affected
19.1.0 (semver)
affected
19.2.0 (semver)
affected
Default status
unaffected
19.0.0 (semver)
affected
19.1.0 (semver)
affected
19.2.0 (semver)
affected
Description
A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to server crashes, out-of-memory exceptions or excessive CPU usage; affecting the following packages: react-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack (versions 19.0.0 through 19.0.5, 19.1.0 through 19.1.6, and 19.2.0 through 19.2.5).
Problem types
(CWE-502) Deserialization of Untrusted Data, (CWE-400) Uncontrolled Resource Consumption
Product status
19.0.0 (semver)
19.1.0 (semver)
19.2.0 (semver)
19.0.0 (semver)
19.1.0 (semver)
19.2.0 (semver)
19.0.0 (semver)
19.1.0 (semver)
19.2.0 (semver)
References
github.com/.../react/security/advisories/GHSA-rv78-f8rc-xrxh