Skip to content

Patch against upstream React server component vulnerabilities#340

Closed
queenvictoria wants to merge 2 commits into
hunvreus:mainfrom
queenvictoria:feature/RSC-vulnerabilities
Closed

Patch against upstream React server component vulnerabilities#340
queenvictoria wants to merge 2 commits into
hunvreus:mainfrom
queenvictoria:feature/RSC-vulnerabilities

Conversation

@queenvictoria

Copy link
Copy Markdown
Contributor

Two additional vulnerabilities have been identified in the React Server Components (RSC) protocol. These issues were discovered while security researchers examined the patches for React2Shell. Importantly, neither of these new issues allow for Remote Code Execution. The patch for React2Shell remains fully effective.

https://nextjs.org/blog/security-update-2025-12-11

@hunvreus

Copy link
Copy Markdown
Owner

Fixed in 2.0.0

@hunvreus hunvreus closed this Mar 20, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

2 participants