diff --git a/advisories/github-reviewed/2025/12/GHSA-9qr9-h5gf-34mp/GHSA-9qr9-h5gf-34mp.json b/advisories/github-reviewed/2025/12/GHSA-9qr9-h5gf-34mp/GHSA-9qr9-h5gf-34mp.json
index 4367ae77dd0cd..cee5268ab52b2 100644
--- a/advisories/github-reviewed/2025/12/GHSA-9qr9-h5gf-34mp/GHSA-9qr9-h5gf-34mp.json
+++ b/advisories/github-reviewed/2025/12/GHSA-9qr9-h5gf-34mp/GHSA-9qr9-h5gf-34mp.json
@@ -1,11 +1,11 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-9qr9-h5gf-34mp",
- "modified": "2025-12-11T19:31:04Z",
+ "modified": "2025-12-11T19:31:08Z",
 "published": "2025-12-03T19:07:11Z",
 "aliases": [],
 "summary": "Next.js is vulnerable to RCE in React flight protocol",
- "details": "A vulnerability affects certain React packages1 for versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as [CVE-2025-55182](https://www.cve.org/CVERecord?id=CVE-2025-55182). \n\nFixed in:\nReact: 19.0.1, 19.1.2, 19.2.1\nNext.js: 15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, 16.0.7, 15.6.0-canary.58, 16.1.0-canary.12+\n\nThe vulnerability also affects experimental canary releases starting with 14.3.0-canary.77. Users on any of the 14.3 canary builds should either downgrade to a 14.x stable release or 14.3.0-canary.76.\n\nAll users of stable 15.x or 16.x Next.js versions should upgrade to a patched, stable version immediately.\n\n1 The affected React packages are:\n- react-server-dom-parcel\n- react-server-dom-turbopack\n- react-server-dom-webpack",
+ "details": "A vulnerability affects certain React packages1 for versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as [CVE-2025-55182](https://www.cve.org/CVERecord?id=CVE-2025-55182). \n\nFixed in:\nReact: 19.0.1, 19.1.2, 19.2.1\nNext.js: 15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, 16.0.7, 15.6.0-canary.58, 16.1.0-canary.12+\n\nThe vulnerability also affects experimental canary releases starting with 14.3.0-canary.77. 
Users on any of the 14.3 canary builds should either downgrade to a 14.x stable release or 14.3.0-canary.76.\n\nAll users of stable 15.x or 16.x Next.js versions should upgrade to a patched, stable version immediately.\n\n1 The affected React packages are:\n- react-server-dom-parcel\n- react-server-dom-turbopack\n- react-server-dom-webpack\n\n#!/bin/bash\n\n# ============================================================================\n# 🛡️ CVE-2025-55182 Security Patch Script\n# ============================================================================\n# مؤسسة الرئاسة - مشروع درع زايد\n# Presidential Institution - Zayed Shield Project\n# \n# الهدف: إصلاح ثغرة الأمنية في React وحزم Next.js المتأثرة\n# Purpose: Patch security vulnerability in React and affected Next.js packages\n# ============================================================================\n\nset -e\n\n# ألوان للتنسيق\nRED='\\033[0;31m'\nGREEN='\\033[0;32m'\nYELLOW='\\033[1;33m'\nBLUE='\\033[0;34m'\nNC='\\033[0m' # No Color\n\n# رسالة البداية\necho -e \"${BLUE}\"\necho \"╔════════════════════════════════════════════════════════════╗\"\necho \"║ 🛡️ CVE-2025-55182 Security Patch Script 🛡️ ║\"\necho \"║ مؤسسة الرئاسة - مشروع درع زايد ║\"\necho \"╚════════════════════════════════════════════════════════════╝\"\necho -e \"${NC}\"\n\n# التحقق من صلاحيات المستخدم\ncheck_permissions() {\n echo -e \"${YELLOW}[*] التحقق من الصلاحيات...${NC}\"\n if [ ! -f \"package.json\" ]; then\n echo -e \"${RED}[!] خطأ: لم يتم العثور على package.json${NC}\"\n echo -e \"${RED}[!] 
تأكد من تشغيل السكريبت في مجلد المشروع${NC}\"\n exit 1\n fi\n echo -e \"${GREEN}[✓] تم العثور على package.json${NC}\"\n}\n\n# النسخ الاحتياطي\nbackup_packages() {\n echo -e \"${YELLOW}[*] إنشاء نسخة احتياطية...${NC}\"\n cp package.json package.json.backup.$(date +%Y%m%d_%H%M%S)\n if [ -f \"package-lock.json\" ]; then\n cp package-lock.json package-lock.json.backup.$(date +%Y%m%d_%H%M%S)\n fi\n if [ -f \"yarn.lock\" ]; then\n cp yarn.lock yarn.lock.backup.$(date +%Y%m%d_%H%M%S)\n fi\n echo -e \"${GREEN}[✓] تم إنشاء النسخة الاحتياطية بنجاح${NC}\"\n}\n\n# فحص الإصدارات المتأثرة\ncheck_vulnerable_versions() {\n echo -e \"${YELLOW}[*] فحص الإصدارات المتأثرة بالثغرة...${NC}\"\n \n VULNERABLE=false\n \n # فحص React\n if grep -q '\"react\".*\"19\\.[01]\\.' package.json || \\\n grep -q '\"react\".*\"\\^19\\.[01]\\.' package.json || \\\n grep -q '\"react\".*\"~19\\.[01]\\.' package.json; then\n echo -e \"${RED}[!] تم اكتشاف إصدار React متأثر بالثغرة${NC}\"\n VULNERABLE=true\n fi\n \n # فحص Next.js\n if grep -q '\"next\".*\"1[45]\\.' package.json; then\n echo -e \"${RED}[!] تم اكتشاف إصدار Next.js متأثر بالثغرة${NC}\"\n VULNERABLE=true\n fi\n \n if [ \"$VULNERABLE\" = false ]; then\n echo -e \"${GREEN}[✓] لم يتم اكتشاف إصدارات متأثرة${NC}\"\n exit 0\n fi\n}\n\n# تحديث React إلى الإصدار الآمن\npatch_react() {\n echo -e \"${YELLOW}[*] تحديث React إلى الإصدار الآمن...${NC}\"\n \n # الإصدارات الآمنة المقترحة\n # React 19.2.1, 19.1.2, 19.0.1 آمنة\n \n if command -v npm &> /dev/null; then\n echo -e \"${BLUE}[*] استخدام npm للتحديث...${NC}\"\n npm install react@19.2.1 react-dom@19.2.1 --save\n elif command -v yarn &> /dev/null; then\n echo -e \"${BLUE}[*] استخدام yarn للتحديث...${NC}\"\n yarn add react@19.2.1 react-dom@19.2.1\n else\n echo -e \"${RED}[!] 
خطأ: لم يتم العثور على npm أو yarn${NC}\"\n exit 1\n fi\n \n echo -e \"${GREEN}[✓] تم تحديث React بنجاح${NC}\"\n}\n\n# تحديث Next.js إلى الإصدار الآمن\npatch_nextjs() {\n echo -e \"${YELLOW}[*] التحقق من Next.js...${NC}\"\n \n if grep -q '\"next\"' package.json; then\n echo -e \"${BLUE}[*] تحديث Next.js إلى الإصدار الآمن...${NC}\"\n \n # الإصدارات الآمنة: 15.x أو 16.x\n if command -v npm &> /dev/null; then\n npm install next@latest --save\n elif command -v yarn &> /dev/null; then\n yarn add next@latest\n fi\n \n echo -e \"${GREEN}[✓] تم تحديث Next.js بنجاح${NC}\"\n else\n echo -e \"${BLUE}[*] Next.js غير مثبت في المشروع${NC}\"\n fi\n}\n\n# تحديث الحزم المتأثرة الأخرى\npatch_affected_packages() {\n echo -e \"${YELLOW}[*] تحديث الحزم المتأثرة الأخرى...${NC}\"\n \n # قائمة الحزم المتأثرة من الثغرة\n AFFECTED_PACKAGES=(\n \"react-server-dom-parcel\"\n \"react-server-dom-turbopack\"\n \"react-server-dom-webpack\"\n )\n \n for pkg in \"${AFFECTED_PACKAGES[@]}\"; do\n if grep -q \"\\\"$pkg\\\"\" package.json; then\n echo -e \"${BLUE}[*] تحديث $pkg...${NC}\"\n if command -v npm &> /dev/null; then\n npm install \"$pkg@latest\" --save\n elif command -v yarn &> /dev/null; then\n yarn add \"$pkg@latest\"\n fi\n fi\n done\n \n echo -e \"${GREEN}[✓] تم تحديث جميع الحزم المتأثرة${NC}\"\n}\n\n# تنظيف الذاكرة المؤقتة\nclean_cache() {\n echo -e \"${YELLOW}[*] تنظيف الذاكرة المؤقتة...${NC}\"\n \n if command -v npm &> /dev/null; then\n npm cache clean --force\n fi\n \n if [ -d \"node_modules\" ]; then\n echo -e \"${BLUE}[*] حذف node_modules...${NC}\"\n rm -rf node_modules\n fi\n \n if [ -d \".next\" ]; then\n echo -e \"${BLUE}[*] حذف .next...${NC}\"\n rm -rf .next\n fi\n \n echo -e \"${GREEN}[✓] تم التنظيف بنجاح${NC}\"\n}\n\n# إعادة التثبيت\nreinstall_dependencies() {\n echo -e \"${YELLOW}[*] إعادة تثبيت التبعيات...${NC}\"\n \n if command -v npm &> /dev/null; then\n npm install\n elif command -v yarn &> /dev/null; then\n yarn install\n fi\n \n echo -e \"${GREEN}[✓] تم إعادة التثبيت 
بنجاح${NC}\"\n}\n\n# فحص نهائي\nfinal_verification() {\n echo -e \"${YELLOW}[*] إجراء الفحص النهائي...${NC}\"\n \n if command -v npm &> /dev/null; then\n echo -e \"${BLUE}[*] فحص الثغرات الأمنية...${NC}\"\n npm audit --production || true\n fi\n \n echo -e \"${GREEN}[✓] اكتمل الفحص النهائي${NC}\"\n}\n\n# تقرير نهائي\ngenerate_report() {\n echo -e \"${BLUE}\"\n echo \"╔════════════════════════════════════════════════════════════╗\"\n echo \"║ 📊 تقرير الإصلاح ║\"\n echo \"╠════════════════════════════════════════════════════════════╣\"\n echo \"║ ✅ تم إصلاح الثغرة CVE-2025-55182 بنجاح ║\"\n echo \"║ ✅ تم تحديث جميع الحزم المتأثرة ║\"\n echo \"║ ✅ تم إنشاء نسخة احتياطية من الملفات ║\"\n echo \"║ ✅ تم تنظيف الذاكرة المؤقتة ║\"\n echo \"╠════════════════════════════════════════════════════════════╣\"\n echo \"║ 📝 الإجراءات الموصى بها: ║\"\n echo \"║ 1. اختبار المشروع بشكل كامل ║\"\n echo \"║ 2. مراجعة سجلات التغييرات ║\"\n echo \"║ 3. تحديث بيئة الإنتاج ║\"\n echo \"╠════════════════════════════════════════════════════════════╣\"\n echo \"║ 🛡️ مؤسسة الرئاسة - مشروع درع زايد 🛡️ ║\"\n echo \"╚════════════════════════════════════════════════════════════╝\"\n echo -e \"${NC}\"\n}\n\n# ============================================================================\n# تنفيذ السكريبت الرئيسي\n# ============================================================================\n\nmain() {\n check_permissions\n backup_packages\n check_vulnerable_versions\n patch_react\n patch_nextjs\n patch_affected_packages\n clean_cache\n reinstall_dependencies\n final_verification\n generate_report\n \n echo -e \"${GREEN}════════════════════════════════════════════════════════════${NC}\"\n echo -e \"${GREEN}[✓] تم إصلاح الثغرة الأمنية بنجاح!${NC}\"\n echo -e \"${GREEN}════════════════════════════════════════════════════════════${NC}\"\n}\n\n# تشغيل السكريبت\nmain", "severity": [ { "type": "CVSS_V3", 
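Review bot: The new `details` value continues past the `react-server-dom-webpack` bullet into an entire embedded bash script (`\n\n#!/bin/bash\n` through the final `main`), which does not belong in an advisory description and should be cut so the string ends at `- react-server-dom-webpack"` exactly as the old side does. Beyond being out of place, the script's guidance contradicts the advisory's own "Fixed in" list: it pins `react@19.2.1` regardless of which 19.x line a project is on, installs `next@latest` instead of one of the listed patched versions, and runs `rm -rf node_modules` and `rm -rf .next` in the consumer's checkout, so a reader following it gets a different remediation than the one the advisory states. Remediation a reader needs is already carried by the fixed-version list and the upstream CVE reference; a helper script, if wanted, belongs in a linked reference rather than inline in a data field. The only other change in this hunk is the `modified` timestamp bump, which is fine on its own.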
@@ -42,10 +42,10 @@
 "type": "ECOSYSTEM",
 "events": [
 {
- "introduced": "15.1.0-canary.0"
+ "introduced": "15.2.0-canary.0"
 },
 {
- "fixed": "15.1.9"
+ "fixed": "15.2.6"
 }
 ]
 }
@@ -61,10 +61,10 @@
 "type": "ECOSYSTEM",
 "events": [
 {
- "introduced": "15.2.0-canary.0"
+ "introduced": "15.3.0-canary.0"
 },
 {
- "fixed": "15.2.6"
+ "fixed": "15.3.6"
 }
 ]
 }
@@ -80,10 +80,10 @@
 "type": "ECOSYSTEM",
 "events": [
 {
- "introduced": "15.3.0-canary.0"
+ "introduced": "15.4.0-canary.0"
 },
 {
- "fixed": "15.3.6"
+ "fixed": "15.4.8"
 }
 ]
 }
@@ -99,10 +99,10 @@
 "type": "ECOSYSTEM",
 "events": [
 {
- "introduced": "15.4.0-canary.0"
+ "introduced": "16.0.0-canary.0"
 },
 {
- "fixed": "15.4.8"
+ "fixed": "16.0.7"
 }
 ]
 }
@@ -118,10 +118,10 @@
 "type": "ECOSYSTEM",
 "events": [
 {
- "introduced": "15.5.0-canary.0"
+ "introduced": "15.1.0-canary.0"
 },
 {
- "fixed": "15.5.7"
+ "fixed": "15.1.9"
 }
 ]
 }
@@ -137,10 +137,10 @@
 "type": "ECOSYSTEM",
 "events": [
 {
- "introduced": "16.0.0-canary.0"
+ "introduced": "15.5.0-canary.0"
 },
 {
- "fixed": "16.0.7"
+ "fixed": "15.5.7"
 }
 ]
 }
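Review bot: The six hunks at @@ -42, -61, -80, -99, -118 and -137 only permute the existing Next.js ranges — the set of `introduced`/`fixed` pairs (15.1.0-canary.0→15.1.9 through 16.0.0-canary.0→16.0.7) is identical before and after — so they change nothing about which versions are flagged as affected and add review noise to a diff whose real content is the `details`/`modified` edit. If the intent was to sort the ranges, the new order is still not sorted (15.1 and 15.5 now follow 16.0), so either drop these hunks or order the ranges ascending consistently in one pass. Each range's `package` object sits outside its hunk, so which range is which is inferred from the version strings alone.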