React2Shell Vulnerability scanner (only for Next.js projects)

0_how_to.md

React2Shell vulnerable versions list for use with package-checker.sh.

Note: This JSON file is intended only for Next.js projects using React Server Components. It provides a list of vulnerable versions to help detect affected packages in your project.

GitHub: https://github.com/maxgfr/package-checker.sh

Run the scan with:

curl -sS https://raw.githubusercontent.com/maxgfr/package-checker.sh/refs/heads/main/script.sh | bash -s -- --source https://gist.githubusercontent.com/maxgfr/e0ea8a2cabc53ed476cabda4709f6bd6/raw/633a44792d783f63156296fedcdb5cd37dfe0d85/react2shell_vuln.json

react2shell_vuln.json

{
  "next": {
    "versions": [
      "14.3.0-canary.77",
      "14.3.0-canary.78",
      "14.3.0-canary.79",
      "14.3.0-canary.80",
      "14.3.0-canary.81",
      "14.3.0-canary.82",
      "14.3.0-canary.83",
      "14.3.0-canary.84",
      "14.3.0-canary.85",
      "14.3.0-canary.86",
      "14.3.0-canary.87",
      "15.6.0",
      "15.6.0-canary.0",
      "15.6.0-canary.1",
      "15.6.0-canary.2",
      "15.6.0-canary.3",
      "15.6.0-canary.4",
      "15.6.0-canary.5",
      "15.6.0-canary.6",
      "15.6.0-canary.7",
      "15.6.0-canary.8",
      "15.6.0-canary.9",
      "15.6.0-canary.10",
      "15.6.0-canary.11",
      "15.6.0-canary.12",
      "15.6.0-canary.13",
      "15.6.0-canary.14",
      "15.6.0-canary.15",
      "15.6.0-canary.16",
      "15.6.0-canary.17",
      "15.6.0-canary.18",
      "15.6.0-canary.19",
      "15.6.0-canary.20",
      "15.6.0-canary.21",
      "15.6.0-canary.22",
      "15.6.0-canary.23",
      "15.6.0-canary.24",
      "15.6.0-canary.25",
      "15.6.0-canary.26",
      "15.6.0-canary.27",
      "15.6.0-canary.28",
      "15.6.0-canary.29",
      "15.6.0-canary.30",
      "15.6.0-canary.31",
      "15.6.0-canary.32",
      "15.6.0-canary.33",
      "15.6.0-canary.34",
      "15.6.0-canary.35",
      "15.6.0-canary.36",
      "15.6.0-canary.37",
      "15.6.0-canary.38",
      "15.6.0-canary.39",
      "15.6.0-canary.40",
      "15.6.0-canary.41",
      "15.6.0-canary.42",
      "15.6.0-canary.43",
      "15.6.0-canary.44",
      "15.6.0-canary.45",
      "15.6.0-canary.46",
      "15.6.0-canary.47",
      "15.6.0-canary.48",
      "15.6.0-canary.49",
      "15.6.0-canary.50",
      "15.6.0-canary.51",
      "15.6.0-canary.52",
      "15.6.0-canary.53",
      "15.6.0-canary.54",
      "15.6.0-canary.55",
      "15.6.0-canary.56",
      "15.6.0-canary.57"
    ],
    "versions_range": [
      ">=15.0.0 <15.0.5",
      ">=15.1.0 <15.1.9",
      ">=15.2.0 <15.2.6",
      ">=15.3.0 <15.3.6",
      ">=15.4.0 <15.4.8",
      ">=15.5.0 <15.5.7",
      ">=16.0.0 <16.0.7"
    ]
  },
  "react-server-dom-webpack": {
    "versions": [
      "19.0.0",
      "19.1.0",
      "19.1.1",
      "19.2.0"
    ],
    "versions_range": [
      "19.0.0",
      ">=19.1.0 <19.1.2",
      "19.2.0"
    ]
  },
  "react-server-dom-parcel": {
    "versions": [
      "19.0.0",
      "19.1.0",
      "19.1.1",
      "19.2.0"
    ],
    "versions_range": [
      "19.0.0",
      ">=19.1.0 <19.1.2",
      "19.2.0"
    ]
  },
  "react-server-dom-turbopack": {
    "versions": [
      "19.0.0",
      "19.1.0",
      "19.1.1",
      "19.2.0"
    ],
    "versions_range": [
      "19.0.0",
      ">=19.1.0 <19.1.2",
      "19.2.0"
    ]
  }
}