Critical Security Vulnerability in React Server Components – React
Critical Security Vulnerability in React Server Components – React
React Server ComponentsにCVSSレベル10の脆弱性が発見
React2Shell
Security Advisory: CVE-2025-66478 | Next.js
Next.js側の発信
React Server Functions / Next.js Vulnerability: Deno Deploy users protected | Deno
Deno側の対応
@Railway: A critical RCE vulnerability was discovered in React Server Components. Railway has collaborated with Meta/Vercel teams & deployed a platform-level patch that blocks malicious requests matching this exploit pattern at our Web Application Firewall.
Your service is protected while behind our infrastructure. We strongly encourage you to review the details of this vulnerability at https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components and upgrade your React or Next.js versions immediately.
We'll be sending dashboard & email notifications to a subset of identified impacted customers shortly.
Railway側の対応
React2Shellに対するOktaの対応
Okta側の対応