Lookup for vulnerable packages by Package URL.

Purl pkg:npm/react-server-dom-turbopack@19.0.5
Type npm
Namespace
Name react-server-dom-turbopack
Version 19.0.5
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 19.1.0-canary-029e8bd6-20250306
Latest_non_vulnerable_version 19.3.0-canary-06fcc8f3-20251009
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-fa57-smff-sbg2
vulnerability_id VCID-fa57-smff-sbg2
summary A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack and react-server-dom-webpack (versions 19.0.0 through 19.0.4, 19.1.0 through 19.1.5, and 19.2.0 through 19.2.4). The vulnerability is triggered by sending specially crafted HTTP requests to Server Function endpoints. The payload of the HTTP request causes excessive CPU usage for up to a minute ending in a thrown error that is catchable.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23869.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23869.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-23869
reference_id
reference_type
scores
0
value 0.00322
scoring_system epss
scoring_elements 0.55259
published_at 2026-04-11T12:55:00Z
1
value 0.00322
scoring_system epss
scoring_elements 0.5522
published_at 2026-04-13T12:55:00Z
2
value 0.00322
scoring_system epss
scoring_elements 0.55238
published_at 2026-04-12T12:55:00Z
3
value 0.00322
scoring_system epss
scoring_elements 0.55247
published_at 2026-04-09T12:55:00Z
4
value 0.00688
scoring_system epss
scoring_elements 0.71777
published_at 2026-04-18T12:55:00Z
5
value 0.00688
scoring_system epss
scoring_elements 0.71772
published_at 2026-04-16T12:55:00Z
6
value 0.00688
scoring_system epss
scoring_elements 0.7176
published_at 2026-04-21T12:55:00Z
7
value 0.00728
scoring_system epss
scoring_elements 0.72709
published_at 2026-04-29T12:55:00Z
8
value 0.00728
scoring_system epss
scoring_elements 0.72704
published_at 2026-04-24T12:55:00Z
9
value 0.00728
scoring_system epss
scoring_elements 0.72713
published_at 2026-04-26T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-23869
2
reference_url https://github.com/facebook/react
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/facebook/react
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-23869
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-23869
4
reference_url https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2456663
reference_id 2456663
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2456663
6
reference_url https://github.com/advisories/GHSA-479c-33wc-g2pg
reference_id GHSA-479c-33wc-g2pg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-479c-33wc-g2pg
7
reference_url https://github.com/facebook/react/security/advisories/GHSA-479c-33wc-g2pg
reference_id GHSA-479c-33wc-g2pg
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-08T19:55:33Z/
url https://github.com/facebook/react/security/advisories/GHSA-479c-33wc-g2pg
fixed_packages
0
url pkg:npm/react-server-dom-turbopack@19.0.5
purl pkg:npm/react-server-dom-turbopack@19.0.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-turbopack@19.0.5
1
url pkg:npm/react-server-dom-turbopack@19.1.6
purl pkg:npm/react-server-dom-turbopack@19.1.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-turbopack@19.1.6
2
url pkg:npm/react-server-dom-turbopack@19.2.5
purl pkg:npm/react-server-dom-turbopack@19.2.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-turbopack@19.2.5
aliases CVE-2026-23869, GHSA-479c-33wc-g2pg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fa57-smff-sbg2
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/react-server-dom-turbopack@19.0.5