Critical Security Vulnerability in React Server Components
Blog post from Replit
A critical vulnerability in React Server Components, affecting React and Vercel's Next.js, was announced. It impacts specific versions of react-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack, and Next.js. Most Replit applications are unaffected unless they include these vulnerable packages; the ones most likely to do so are applications created with the "Mobile app [beta]" option in Build mode. Google Cloud Armor has been employed to protect Replit's Mobile applications, and the Mobile app option has been patched to prevent future vulnerabilities. Users are advised to upgrade their Next.js and react-server-dom-* dependencies to the latest versions and to use the Security Scanner in the app Workspace for detection and resolution. Mitigations via Google Cloud Armor protect Replit and custom domain applications, and security scans can be enabled to detect vulnerabilities during publishing, with enhanced requirements available for Teams and Enterprise administrators.
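Before upgrading, it helps to know exactly which copies of the affected packages are installed, including transitive duplicates that a top-level `package.json` does not show. The following Node script is an added example, not Replit's or React's own tooling: it walks the `packages` map of an npm `package-lock.json` (lockfile version 2 or 3) and lists every installed `next` and `react-server-dom-*` package with its version and install path. The lockfile contents are constructed for the demonstration; the fixed versions are not stated on this page, so the script reports inventory only and leaves the version comparison to you.

```javascript
// Added example (not from the advisory): inventory the React Server Components
// packages named in the advisory from an npm package-lock.json.

// Names to report: "next" plus anything matching the page's react-server-dom-* wildcard.
function isAffectedName(name) {
  return name === "next" || name.startsWith("react-server-dom-");
}

// Lockfile v2/v3 keys look like "node_modules/a/node_modules/@scope/b";
// the bare package name is everything after the last "node_modules/".
function packageNameFromPath(lockPath) {
  const parts = lockPath.split("node_modules/");
  return parts[parts.length - 1].replace(/\/$/, "");
}

// Returns [{ name, version, path }] for every installed copy, nested ones included.
function findAffected(lockfile) {
  const hits = [];
  for (const [lockPath, meta] of Object.entries(lockfile.packages || {})) {
    if (lockPath === "") continue; // "" is the root project entry, not a dependency
    const name = packageNameFromPath(lockPath);
    if (isAffectedName(name)) {
      hits.push({ name, version: meta.version, path: lockPath });
    }
  }
  return hits;
}

// Constructed sample lockfile (not a real project); note the nested duplicate copy.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/react": { version: "19.0.0" },
    "node_modules/next": { version: "15.0.0" },
    "node_modules/react-server-dom-webpack": { version: "19.0.0" },
    "node_modules/some-lib/node_modules/react-server-dom-turbopack": { version: "19.0.0" },
  },
};

// Human-readable lines, e.g. "next@15.0.0 (node_modules/next)".
function report(lockfile) {
  return findAffected(lockfile).map((h) => `${h.name}@${h.version} (${h.path})`);
}

for (const line of report(SAMPLE_LOCK)) console.log(line);
```

To run it against a real project, replace `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` and compare each reported version against the fixed releases from the React and Next.js advisories.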