Trusted Design

• 重大度: HIGH
• 公開日: 2025-12-11
• 更新日: 2025-12-15

概要

A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints, which can cause an infinite loop that hangs the server process and may prevent future HTTP requests from being served.

このCVEに関連するMITRE ATT&CKテクニック

• T1557 - Adversary-in-the-Middle
• T1056.001 - Keylogging
• T1583.002 - DNS Server
• T1114.001 - Local Email Collection
• T1192 - Spearphishing Link
• T1121 - Regsvcs/Regasm
• T1652 - Device Driver Discovery
• T1564 - Hide Artifacts
• T1591.003 - Identify Business Tempo
• T1484.002 - Trust Modification
• T1598.003 - Spearphishing Link
• T1583.005 - Botnet
• T1608.001 - Upload Malware
• T1190 - Exploit Public-Facing Application
• T1558 - Steal or Forge Kerberos Tickets
• T1518.002 - Backup Software Discovery
• T1218.003 - CMSTP
• T1525 - Implant Internal Image
• T1076 - Remote Desktop Protocol
• T1145 - Private Keys
• T1155 - AppleScript
• T1563 - Remote Service Session Hijacking
• T1179 - Hooking
• T1598.004 - Spearphishing Voice
• T1546.008 - Accessibility Features
• T1204.005 - Malicious Library
• T1027.017 - SVG Smuggling
• T1083 - File and Directory Discovery
• T1647 - Plist File Modification
• T1649 - Steal or Forge Authentication Certificates
• T1049 - System Network Connections Discovery
• T1051 - Shared Webroot
• T1218.005 - Mshta
• T1608 - Stage Capabilities
• T1608.005 - Link Target
• T1598.002 - Spearphishing Attachment
• T1585.003 - Cloud Accounts
• T1041 - Exfiltration Over C2 Channel
• T1679 - Selective Exclusion
• T1534 - Internal Spearphishing
• T1219.003 - Remote Access Hardware
• T1562.001 - Disable or Modify Tools
• T1055.012 - Process Hollowing
• T1110.004 - Credential Stuffing
• T1187 - Forced Authentication
• T1486 - Data Encrypted for Impact
• T1128 - Netsh Helper DLL
• T1595.003 - Wordlist Scanning
• T1137.004 - Outlook Home Page
• T1499 - Endpoint Denial of Service
• T1500 - Compile After Delivery
• T1213.003 - Code Repositories
• T1055.009 - Proc Memory
• T1223 - Compiled HTML File
• T1070.009 - Clear Persistence
• T1022 - Data Encrypted
• T1498 - Network Denial of Service
• T1564.005 - Hidden File System
• T1136 - Create Account
• T1084 - Windows Management Instrumentation Event Subscription
• T1653 - Power Settings
• T1204.001 - Malicious Link
• T1086 - PowerShell
• T1588.005 - Exploits
• T1127 - Trusted Developer Utilities Proxy Execution

このCVEが関連しているPulses

このCVEが関連しているPulsesはありません。

CVEの関係性グラフ

---

← CVE一覧に戻る