React Server Components Denial of Service and Source Code Exposure

MEDIUM (5.3) No Patch (3 days)

Threat Intelligence

High Risk - Exploits exist
EPSS Score: 1.06% chance of exploitation (percentile: 77%)
🔍 Detection Tools: OSV.dev
⚔️ Exploit Availability: GitHub PoC


What is it?

React Server Components is a server-side rendering solution for React applications. It allows developers to render components on the server, which can improve performance and SEO. However, this vulnerability exposes source code when a specifically crafted HTTP request is sent to a vulnerable Server Function, potentially allowing attackers to access sensitive information.

Am I affected?

You're affected if you use An. Specific version info not stated in the advisory. If you don't recognise this software, you're probably not affected.

Affected Packages

- maven: org.reactjs/react-server-dom-parcel
- npm: react-server-dom-parcel

Affected Products

Facebook / React Server Components

How to fix

Upgrade to any fixed version immediately:
- For react-server-dom-webpack: Upgrade to version 19.0.3 or later.
- For react-server-dom-parcel: Upgrade to version 19.0.3 or later.
- For react-server-dom-turbopack: Upgrade to version 19.1.4 or later.
- If immediate upgrade isn't possible, consider the following mitigations:
  - Restrict network access to your React application
  - Monitor for suspicious activity and unauthorized token creation
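As an added example (not part of the advisory or the React project), the following Node.js script checks a package-lock.json for the three packages and fixed versions listed above and reports any installed version that is still below the fix. The lockfile content is constructed inline for illustration; point `findVulnerable` at your own parsed lockfile in practice.

```javascript
// Fixed versions as stated in the advisory above.
const FIXED_VERSIONS = {
  "react-server-dom-webpack": "19.0.3",
  "react-server-dom-parcel": "19.0.3",
  "react-server-dom-turbopack": "19.1.4",
};

// Compare two dotted versions numerically; a prerelease suffix
// (e.g. "19.0.3-canary") is stripped before comparing.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Walk a lockfileVersion 2/3 "packages" map (keys are install paths such as
// "node_modules/foo" or nested "node_modules/a/node_modules/foo") and collect
// every affected package whose installed version is below the fixed release.
function findVulnerable(lockfile) {
  const findings = [];
  for (const [path, entry] of Object.entries(lockfile.packages || {})) {
    const name = path.split("node_modules/").pop();
    const fixed = FIXED_VERSIONS[name];
    if (fixed && entry.version && compareVersions(entry.version, fixed) < 0) {
      findings.push({ name, path, installed: entry.version, fixed });
    }
  }
  return findings;
}

// Constructed sample lockfile (package-lock.json v3 subset), not real data.
const SAMPLE_LOCKFILE = {
  lockfileVersion: 3,
  packages: {
    "": { name: "app", version: "1.0.0" },
    "node_modules/react-server-dom-webpack": { version: "19.0.2" },
    "node_modules/react-server-dom-parcel": { version: "19.0.3" },
    "node_modules/react-server-dom-turbopack": { version: "19.1.3" },
    "node_modules/react": { version: "19.1.0" },
  },
};

for (const f of findVulnerable(SAMPLE_LOCKFILE)) {
  console.log(`${f.path}: installed ${f.installed} < fixed ${f.fixed}`);
}
```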