mirror of
https://github.com/run-llama/auto_rfp.git
synced 2026-07-01 21:54:05 -04:00
[PR #41] [MERGED] Fix React Server Components CVE vulnerabilities #41
📋 Pull Request Information
Original PR: https://github.com/run-llama/auto_rfp/pull/41
Author: @vercel[bot]
Created: 12/16/2025
Status: ✅ Merged
Merged: 12/16/2025
Merged by: @logan-markewich
Base: main ← Head: vercel/react-server-components-cve-vu-2qzmxv
📝 Commits (1)
9b78df8 Fix React Server Components CVE vulnerabilities
📊 Changes
2 files changed (+51 additions, -51 deletions)
📝 package.json (+1 -1)
📝 pnpm-lock.yaml (+50 -50)
📄 Description
A critical remote code execution (RCE) vulnerability in React Server Components, impacting frameworks such as Next.js, was identified in the project auto-rfp-new. The vulnerability enables unauthenticated RCE on the server via insecure deserialization in the React Flight protocol.
This issue is tracked under:
This automated pull request upgrades the affected React and Next.js packages to patched versions that fully remediate the issue.
More Info | security@vercel.com
🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.