A plugin for Vite that enables React Server Components (RSC) support, allowing developers to use server-side rendering capabilities in their React applications built with Vite.

Vite RSC Plugin

### Summary
`@vitejs/plugin-rsc` vendors `react-server-dom-webpack`, which contained an unauthenticated remote code execution vulnerability in versions prior to 19.0.1, 19.1.2, and 19.2.1. See details in React repository's advisory https://github.com/facebook/react/security/advisories/GHSA-fv66-9v8q-g76r
### Impact
Applications using affected versions of `@vitejs/plugin-rsc` are vulnerable to unauthenticated remote code execution through deserialization of untrusted data. An attacker can execute arbitrary code remotely without authentication, affecting confidentiality, integrity, and availability.
### Recommendations
Upgrade immediately to `@vitejs/plugin-rsc@0.5.3` or later.
### Workarounds
Applications not using server-side React or React Server Components are unaffected.

CVE ID	Gravidade	Pontuação	Tecnologias	Nome do componente	Exploração do CISA KEV	Tem correção	Data de publicação
GHSA-fmh4-wr37-44fp	CRITICAL	10	Vite RSC Plugin	@vitejs/plugin-rsc	Não	Sim	Dec 03, 2025
CVE-2025-55182	CRITICAL	10	JavaScript	react-server-dom-turbopack	Sim	Sim	Dec 03, 2025
CVE-2025-67489	CRITICAL	9.8	Vite RSC Plugin	@vitejs/plugin-rsc	Não	Sim	Dec 09, 2025
GHSA-cpqf-f22c-r95x	HIGH	7.5	Vite RSC Plugin	@vitejs/plugin-rsc	Não	Sim	Dec 12, 2025
GHSA-c6m7-q6pr-c64r	MEDIUM	5.3	Vite RSC Plugin	@vitejs/plugin-rsc	Não	Sim	Dec 12, 2025

GHSA-fmh4-wr37-44fp:
Vite RSC Plugin Análise e mitigação de vulnerabilidades

Summary

Impact

Recommendations

Workarounds

10

Relacionado Vite RSC Plugin Vulnerabilidades:

Compare sua postura de segurança na nuvem

Recursos adicionais da Wiz

PEACH

Pronto para ver a Wiz em ação?

GHSA-fmh4-wr37-44fp: Vite RSC Plugin Análise e mitigação de vulnerabilidades