mirror of
https://github.com/run-llama/flow-maker.git
synced 2026-06-30 21:17:56 -04:00
[PR #4] [MERGED] Fix React Server Components CVE vulnerabilities #4
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
📋 Pull Request Information
Original PR: https://github.com/run-llama/flow-maker/pull/4
Author: @vercel[bot]
Created: 12/16/2025
Status: ✅ Merged
Merged: 12/16/2025
Merged by: @logan-markewich
Base:
main← Head:vercel/react-server-components-cve-vu-f5dhme📝 Commits (1)
9578499Fix React Server Components CVE vulnerabilities📊 Changes
2 files changed (+56 additions, -44 deletions)
View changed files
📝
package-lock.json(+55 -43)📝
package.json(+1 -1)📄 Description
A critical remote code execution (RCE) vulnerability in React Server Components, impacting frameworks such as Next.js, was identified in the project flow-maker. The vulnerability enables unauthenticated RCE on the server via insecure deserialization in the React Flight protocol.
This issue is tracked under:
This automated pull request upgrades the affected React and Next.js packages to patched versions that fully remediate the issue.
More Info | security@vercel.com
🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.