|
|
|
|
|
|
by abustamam
184 days ago
|
|
|
Yeah, crucially it says > If your app’s React code does not use a server, your app is not affected by this vulnerability. If your app does not use a framework, bundler, or bundler plugin that supports React Server Components, your app is not affected by this vulnerability. https://react.dev/blog/2025/12/03/critical-security-vulnerab... So if you have a backend that supports RSC, even if you don't use it, you can still be vulnerable. GP said they only shipped front ends but that can mean a lot. Edit:link |
|
|
https://nvd.nist.gov/vuln/detail/CVE-2025-29927
That plus the most recent react one, and you have a culture that does not care for their customers but rather chasing fads to help greedy careers.