[GH-ISSUE #2056] React: CVE-2025-55184, CVE-2025-67779 & CVE-2025-55183 - Denial of Service and Source Code Exposure in React Server Components #10820

Closed
opened 2026-05-06 15:14:34 -05:00 by GiteaMirror · 2 comments

Originally created by @jaydrogers on GitHub (Dec 12, 2025).
Original GitHub issue: https://github.com/fosrl/pangolin/issues/2056

Describe the Bug

I appreciate the team quickly addressing:

- https://github.com/fosrl/pangolin/issues/2031

Similar news hit the React world yesterday with a new set of CVEs:

- https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components

One of them is a source code exposure (which I understand isn't a vulnerability in an open source project 😃), but I'm mainly more concerned about the Denial Of Service attack.

What I'm looking for

Is it possible for the Pangolin team to take a look at this and let us know if these CVEs affect the Pangolin project?

I'm not a React expert so some of these component terms are foreign to me 😅

Thanks for all your work on this incredible project!

@oschwartz10612 commented on GitHub (Dec 12, 2025):

Will do a 1.13.1 patch soon. Update here:
8eb3f6aacc513fceb47911fdd586a14037e3d2c2

@wallacebrf commented on GitHub (Dec 13, 2025):

> Will do a 1.13.1 patch soon. Update here:
> [8eb3f6a](https://github.com/fosrl/pangolin/commit/8eb3f6aacc513fceb47911fdd586a14037e3d2c2)

Appreciate the quick response to the vulnerability

Reference: github-starred/pangolin#10820