"React is once again urging developers to update immediately, as researchers have discovered two additional vulnerabilities in React Server Components while testing the previous patch. These bugs also affect Next.js, and likely other popular React frameworks.

The flaws are not as serious as the critical “worst case scenario” bug, disclosed last week, and do not allow for remote code execution. However, they enable attackers to perform denial-of-service attacks and expose source code."