Insecure deserialization In @vitejs/plugin-rsc
Description
Vite Plugin React has a Source Code Exposure Vulnerability in React Server Components
Impact
@vitejs/plugin-rsc vendors react-server-dom-webpack, which contained a vulnerability in versions prior to 19.2.3. See details in React repository's advisory https://github.com/facebook/react/security/advisories/GHSA-925w-6v3x-g4j4
Patches
Upgrade immediately to @vitejs/[email protected] or later.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 npm | 0.5.7 |
Aliases
1. 2. 3.
References
1. 2.