Headline

GHSA-c6m7-q6pr-c64r: Vite Plugin React has a Source Code Exposure Vulnerability in React Server Components

Impact

@vitejs/plugin-rsc vendors react-server-dom-webpack, which contained a vulnerability in versions prior to 19.2.3. See details in React repository’s advisory https://github.com/facebook/react/security/advisories/GHSA-925w-6v3x-g4j4

Patches

Upgrade immediately to @vitejs/plugin-rsc@0.5.7 or later.

4 hours ago

ghsa

Open in Source

#vulnerability #web #js #git #auth

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.

Attack complexity: More severe for the least complex attacks.

Privileges required: More severe if no privileges are required.

User interaction: More severe when no user interaction is required.

Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.

Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.

Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.

Availability: More severe when the loss of impacted component availability is highest.

ghsa: Latest News

GHSA-55jh-84jv-8mx8: Lightning Flow Scanner Vulnerable to Code Injection via Unsafe Use of `new Function()` in APIVersion Rule

55 minutes ago

ghsa

GHSA-4jmp-x7mh-rgmr: Finality Provider vulnerable to anti-slashing bypassing due to misconfiguration

1 hour ago

ghsa

GHSA-4jj9-cgqc-x9h5: NeuVector OpenID Connect is vulnerable to man-in-the-middle (MITM)

1 hour ago

ghsa

GHSA-3hg2-rh4r-8qf6: Apache StreamPark: Use the user’s password as the secret key Vulnerability

2 hours ago

ghsa

GHSA-7v39-2hx7-7c43: Weaviate OSS has a Path Traversal Vulnerability via Backup ZipSlip

2 hours ago

ghsa