Vite Plugin React has a Denial of Service Vulnerability in React Server Components
High severity GitHub Reviewed Published Dec 12, 2025 in vitejs/vite-plugin-react • Updated Dec 12, 2025
Description
Published to the GitHub Advisory Database Dec 12, 2025
Reviewed Dec 12, 2025
Last updated Dec 12, 2025
Impact
@vitejs/plugin-rscvendorsreact-server-dom-webpack, which contained a vulnerability in versions prior to 19.2.3. See details in React repository's advisory GHSA-7gmr-mq3h-m5h9Patches
Upgrade immediately to
@vitejs/[email protected]or later.References