Commit 238ebe2

Update Advisory-EGI-SVG-2025-26.md
1 parent b6995e1 commit 238ebe2

1 file changed

+9
-10
lines changed

2025/Advisory-EGI-SVG-2025-26.md

Lines changed: 9 additions & 10 deletions
@@ -9,10 +9,9 @@ redirect_from:
99

1010
# CRITICAL risk React Server Components Vulnerability
1111

12-
Date: 2025-12-10
12+
Date: 2025-12-10
1313
Updated: 2026-01-13
1414

15-
1615
CRITICAL risk vulnerability concerning React Server Components
1716
allowing unauthenticated remote code execution.
1817

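Review bot: on the `Date: 2025-12-10` line (old and new line 12) the removed and added text is identical, so the only change is trailing whitespace. If the removed characters were the two-space Markdown hard break, `Date:` and the following `Updated: 2026-01-13` line will now render joined on one line, because no blank line separates them. Keep the break on that line, or separate the two fields with a blank line or a trailing backslash.
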
@@ -30,10 +29,10 @@ See [R 2]
3029

3130
## ACTIONS REQUIRED/RECOMMENDED
3231

33-
Sites running web services depending on React Server Components
34-
should check [R 2] and have any vulnerable version updated urgently.
32+
Sites running web services depending on React Server Components
33+
should check [R 2] and have any vulnerable version updated urgently.
3534

36-
If anyone becomes aware of any situation where this vulnerability is
35+
If anyone becomes aware of any situation where this vulnerability is
3736
exposed in the EGI infrastructure, then please inform EGI SVG.
3837

3938

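Review bot: the three replaced lines under ACTIONS REQUIRED/RECOMMENDED (old 33, 34 and 36) are textually identical to their replacements, so this is a whitespace-only change, but the commit subject "Update Advisory-EGI-SVG-2025-26.md" does not say so. Since the advisory states that minor updates may be made without re-distribution to the sites, say in the commit message that this is whitespace cleanup with no change to the required actions, so a reader of the history can tell without diffing invisible characters.
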
@@ -43,19 +42,19 @@ An unauthenticated remote attacker could:
4342

4443
- Execute arbitrary code on the server
4544

46-
- Access or manipulate data processed by server-side React functions
45+
- Access or manipulate data processed by server-side React functions
4746

4847
- Compromise the hosting environment
4948

5049
- Potentially pivot deeper into infrastructure
5150

52-
Because this vulnerability requires no authentication and may be
51+
Because this vulnerability requires no authentication and may be
5352
reachable through public endpoints, it is considered Critical.
5453

55-
The EGI SVG is currently not aware of potentially affected services
54+
The EGI SVG is currently not aware of potentially affected services
5655
providing functionality to the EGI ecosystem.
5756

58-
If EGI SVG becomes aware of any relevant exposure, we will send an
57+
If EGI SVG becomes aware of any relevant exposure, we will send an
5958
update to this alert and require affected sites to patch within 7 days.
6059

6160

@@ -77,7 +76,7 @@ Minor updates may be made without re-distribution to the sites.
7776
https://creativecommons.org/licenses/by/4.0/ and
7877
the EGI (https://www.egi.eu/) Software Vulnerability Group
7978
must be credited.
80-
-----------------------------
79+
---
8180

8281
Comments or questions should be sent to
8382
svg-rat at mailman.egi.eu
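
Review bot: the new `---` at line 79 sits directly under `must be credited.` with no blank line between them, so CommonMark-style renderers can parse it as a setext heading underline and turn the preceding licence paragraph into a level-2 heading instead of drawing a rule (the old dashed line had the same problem). Add a blank line before `---` so it is read as a thematic break.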
