{
    "componentChunkName": "component---src-templates-blog-blog-post-blog-post-js",
    "path": "/articles/okta-response-to-react2shell/",
    "result": {"data":{"contentfulSecOktaComBlogPost":{"title":"Okta’s Response to React2Shell","slug":"/okta-response-to-react2shell","date":"2025-12-05T00:00","updatedAt":"2025-12-05T12:38:36.424Z","body":{"raw":"{\"nodeType\":\"document\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"On December 3, 2025, the maintainers of React and Next.js disclosed a critical pre-authentication remote code execution (RCE) vulnerability in React Server Components (\",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"CVE-2025-55182\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\") with a CVSS score of 10.0.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"The vulnerability impacts versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 of RSC, as well as all frameworks that support React Server Components, including Next.js (\",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://nextjs.org/blog/CVE-2025-66478\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"CVE-2025-66478\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\").\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-4\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta’s Response\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}}]},{\"nodeType\":\"unordered-list\",\"data\":{},\"content\":[{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta has upgraded all production systems to fixed 
versions,\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta has published actions required for application developers that rely on \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://support.auth0.com/center/s/article/developer-statement-react-server-components-critical-vulnerability-cve-2025-55182-action-required\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Auth0\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" or \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://support.okta.com/help/s/article/Developer-Statement-React-Server-Components-Critical-Vulnerability-CVE-2025-55182-Action-Required-Okta?language=en_US\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" SDKs to build React or Next.js applications,\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"While we have detected opportunistic scanning activity on non-vulnerable systems, we have not observed successful exploitation of this vulnerability against Auth0 or Okta services.   
\\n\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"heading-4\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Action for Auth0 and Okta SDK users\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"For actions required and developer guidance, please refer to the appropriate KnowledgeBase article:\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"unordered-list\",\"data\":{},\"content\":[{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"\",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://support.auth0.com/center/s/article/developer-statement-react-server-components-critical-vulnerability-cve-2025-55182-action-required\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Auth0 React Server Components Critical Vulnerability (CVE-2025-55182) Action Required\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\"\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"\",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://support.okta.com/help/s/article/Developer-Statement-React-Server-Components-Critical-Vulnerability-CVE-2025-55182-Action-Required-Okta?language=en_US\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta React Server Components Critical Vulnerability (CVE-2025-55182) Action 
Required\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\"\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]}]}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"\",\"marks\":[],\"data\":{}}]}]}","references":[]},"secAuthor":[{"id":"1e934185-d220-5cf6-915f-afe21369ab6b","name":"Okta","slug":"okta","jobTitle":"","bio":{"bio":""},"image":{"id":"aad48c52-e750-5cb2-85dd-f4b944ce8139","url":"https://images.ctfassets.net/kbkgmx9upatd/2mSwf13fQ5aH31DZNddqtd/0855adabe0c07ddc9ceaa460ebd1d935/Okta_Aura_CMYK_Black.jpg","gatsbyImageData":{"images":{"sources":[{"srcSet":"https://images.ctfassets.net/kbkgmx9upatd/2mSwf13fQ5aH31DZNddqtd/0855adabe0c07ddc9ceaa460ebd1d935/Okta_Aura_CMYK_Black.jpg?w=15&h=15&q=50&fm=webp 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2mSwf13fQ5aH31DZNddqtd/0855adabe0c07ddc9ceaa460ebd1d935/Okta_Aura_CMYK_Black.jpg?w=29&h=29&q=50&fm=webp 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2mSwf13fQ5aH31DZNddqtd/0855adabe0c07ddc9ceaa460ebd1d935/Okta_Aura_CMYK_Black.jpg?w=58&h=58&q=50&fm=webp 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2mSwf13fQ5aH31DZNddqtd/0855adabe0c07ddc9ceaa460ebd1d935/Okta_Aura_CMYK_Black.jpg?w=116&h=116&q=50&fm=webp 116w","sizes":"(min-width: 58px) 58px, 100vw","type":"image/webp"}],"fallback":{"src":"https://images.ctfassets.net/kbkgmx9upatd/2mSwf13fQ5aH31DZNddqtd/0855adabe0c07ddc9ceaa460ebd1d935/Okta_Aura_CMYK_Black.jpg?w=58&h=58&fl=progressive&q=50&fm=jpg","srcSet":"https://images.ctfassets.net/kbkgmx9upatd/2mSwf13fQ5aH31DZNddqtd/0855adabe0c07ddc9ceaa460ebd1d935/Okta_Aura_CMYK_Black.jpg?w=15&h=15&fl=progressive&q=50&fm=jpg 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2mSwf13fQ5aH31DZNddqtd/0855adabe0c07ddc9ceaa460ebd1d935/Okta_Aura_CMYK_Black.jpg?w=29&h=29&fl=progressive&q=50&fm=jpg 
29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2mSwf13fQ5aH31DZNddqtd/0855adabe0c07ddc9ceaa460ebd1d935/Okta_Aura_CMYK_Black.jpg?w=58&h=58&fl=progressive&q=50&fm=jpg 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2mSwf13fQ5aH31DZNddqtd/0855adabe0c07ddc9ceaa460ebd1d935/Okta_Aura_CMYK_Black.jpg?w=116&h=116&fl=progressive&q=50&fm=jpg 116w","sizes":"(min-width: 58px) 58px, 100vw"}},"layout":"constrained","backgroundColor":"#f8f8f8","width":58,"height":58}}}]}},"pageContext":{"slug":"/okta-response-to-react2shell"}},
    "staticQueryHashes": []}