This application intentionally uses vulnerable versions of Next.js and React for security scanner testing purposes only.
- CVE: CVE-2025-55182 (React2Shell)
- CVSS Score: 10.0 (Critical)
- Type: Unsafe deserialization in React Server Components
- Impact: Pre-authentication remote code execution
| Package | Version | Patched Version |
|---|---|---|
| next | 15.0.0 | ≥15.0.5, ≥15.1.9, ≥15.2.6, ≥15.3.6, ≥15.4.8, ≥15.5.7, ≥16.0.7 |
| react | 19.0.0 | ≥19.0.1, ≥19.1.2, ≥19.2.1 |
| react-dom | 19.0.0 | ≥19.0.1, ≥19.1.2, ≥19.2.1 |
This app exists solely to validate that security scanning tools correctly identify CVE-2025-55182 in dependency manifests.