blog-nextjs/package.json at ee2eb4796e06fbcf13ff5c5b38f4ba6e3b63ed06

Files

gbanyan ee2eb4796e SECURITY: Update Next.js and React to patch critical RCE vulnerability

Addresses CVE-2025-55182 (React) and CVE-2025-66478 (Next.js)
- CVSS Score: 10.0 (Critical)
- Allows unauthenticated remote code execution via RSC payloads

Updates:
- Next.js: 16.0.3 → 16.0.7
- React: 19.2.0 → 19.2.1
- react-dom: 19.2.0 → 19.2.1

References:
- https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
- https://nextjs.org/blog/CVE-2025-66478

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-12-04 21:57:55 +08:00

1.6 KiB

Raw Blame History

View Raw

1.6 KiB Raw Blame History

1.6 KiB

Raw Blame History