CNNVD-202512-393 Information
CNNVD ID
CNNVD-202512-393
Related CVE
- CNNVD Published: 2025-12-03
Description (Chinese)
Meta React Server Components是美国Meta公司的一系列组件。 Meta React Server Components 19.0.0版本、19.1.0版本、19.1.1版本和19.2.0版本存在安全漏洞,该漏洞源于HTTP请求反序列化不当,可能导致远程代码执行。
Description (English)
Meta Reality Server Components is a series of components of the United States company Meta. There is a security loophole in Meta React Server Components 19.0.0, 19.1.0, 19.1.1 and 19.2.0, which stems from the inappropriate inversion of HTTP requests, which may result in remote code execution.
Hazard Level
Low
Vulnerability Type
其他
Affected Vendor
Meta
Published
2025-12-03
Last Modified
2026-02-24
References
http://www.openwall.com/lists/oss-security/2025/12/03/4 https://www.facebook.com/security/advisories/cve-2025-55182 https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components https://cxsecurity.com/issue/WLB-2025120023
Patch
https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
Share on: