A high-severity DoS vulnerability (CVE-2025-55184) has been discovered in React Server Components and Next.js. It allows attackers to hang servers with crafted HTTP requests that cause infinite loops. The vulnerability affects Next.js 13.3+, 14, 15, and 16 when using the App Router, as well as applications using React Router RSC, Waku, Parcel RSC, Vite RSC, and RedwoodSDK. Deno Deploy has implemented runtime-level mitigations that protect hosted applications automatically. All other users must immediately upgrade to patched versions: Next.js 16.0.9+, 15.5.8+, or 14.2.34+, and React Server Components libraries to 19.2.2+. This vulnerability is separate from the previously disclosed RCE vulnerability and requires a new upgrade.