cR0w h0 h0

Happy patch your React Server Components again Friday to all who celebrate. The patch for CVE-2025-55184 was incomplete and still leaves systems vulnerable to DoS.

https://www.facebook.com/security/advisories/cve-2025-67779

It was found that the fix addressing CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attack in a specific case. React Server Components versions 19.0.2, 19.1.3 and 19.2.2 are affected, allowing unsafe deserialization of payloads from HTTP requests to Server Function endpoints. This can cause an infinite loop that hangs the server process and may prevent future HTTP requests from being served.

CVE-2025-67779

Dec 12 at 2:23pmWeb
Show threadGary Blosser3d ago
@cR0w Does that mean we get another cloudflare downtime? Please?! 🤣
Show threadcR0w h0 h03d ago
@zombie042
Show threadnyanbinary3d ago
@cR0w good thing I havent patched yet... what
Show threadMerospit3d ago
@cR0w Why not do "Groundhog Week"?!? Who insisted on "Groundhog Day"?!? At least this way we got a week of watching the drama before being pulled back in.
Show threadcR0w h0 h03d ago
@merospit Some weeks it's groundhog day. Other weeks it's groundhog hour.