Description
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Photo Album Plus Cross-Site Scripting (5.4.17)
Serendipity Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-53933)
MySQL Other Vulnerability (CVE-2012-5383)
MySQL CVE-2016-8318 Vulnerability (CVE-2016-8318)
WordPress Plugin Captcha by BestWebSoft SQL Injection (4.1.7)