
Security: Outdated React version exposes XSS vulnerability (CVE-2024-12345)

Security Alert

CVE Information

  • CVE ID: CVE-2024-12345
  • Severity: HIGH (CVSS 7.5)
  • Package: react@18.2.0, react-dom@18.2.0
  • Fixed in: react@18.3.1

Vulnerability

Cross-site scripting (XSS) vulnerability in React server-side rendering. Allows attackers to inject malicious scripts through improperly sanitized props.

Impact on Our Application

  • Server-side rendering is enabled in production, so the SSR code path is reachable by every request
  • User profile pages are exposed
  • Dashboard components are at risk

Action Required

  1. Upgrade react and react-dom to 18.3.1 or later (keep the two on matching versions) and confirm the lockfile no longer pins 18.2.0 anywhere, including nested copies
  2. Review all SSR components, starting with the ones that render user-supplied data
  3. Add a Content-Security-Policy header (nonce-based script-src) as defence in depth; it limits what an injected script can do but does not replace the upgrade
  4. Run a dependency security audit (npm audit or the equivalent for our package manager) after the upgrade and attach the output here
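To make steps 1 and 3 checkable, the script below (an added example, not code from this repository or from React) scans a lockfile for react / react-dom entries below the fixed version named above, including nested copies under another package, and builds the nonce-based CSP header value. The lockfile it scans is constructed inline so the script runs offline; in the repo you would load package-lock.json instead. The version comparison assumes plain x.y.z versions, which is what lockfiles pin.

```javascript
// Added example: lockfile check for outdated react/react-dom and a CSP builder.
// Not part of the original issue or of the project's code.

const FIXED_VERSION = "18.3.1";        // fixed-in version from the issue
const WATCHED = ["react", "react-dom"]; // packages named in the issue

// Compare dotted numeric versions; returns -1, 0 or 1.
// Assumption: lockfile versions are plain x.y.z (a "-pre" tag is stripped).
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Walk a lockfile v2/v3 "packages" map. Keys look like "node_modules/react"
// or, for a nested copy, "node_modules/foo/node_modules/react"; the package
// name is whatever follows the last "node_modules/". Every watched package
// below the fixed version is reported, so a nested 18.2.0 is not missed.
function findOutdated(lockfile, fixed = FIXED_VERSION) {
  const hits = [];
  for (const [path, meta] of Object.entries(lockfile.packages || {})) {
    const name = path.split("node_modules/").pop();
    if (!WATCHED.includes(name)) continue;
    if (compareVersions(meta.version, fixed) < 0) {
      hits.push({ path, name, version: meta.version });
    }
  }
  return hits;
}

// Content-Security-Policy value for step 3. With a per-response nonce only
// <script nonce="..."> tags emitted by our SSR run; an injected inline script
// has no nonce and is blocked. object-src/base-uri close common bypasses.
function buildCsp(nonce) {
  return [
    "default-src 'self'",
    `script-src 'self' 'nonce-${nonce}'`,
    "object-src 'none'",
    "base-uri 'self'",
  ].join("; ");
}

// Constructed sample lockfile (NOT the project's real package-lock.json):
// top-level react and react-dom still on 18.2.0, one nested copy already fixed.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "app", version: "1.0.0" },
    "node_modules/react": { version: "18.2.0" },
    "node_modules/react-dom": { version: "18.2.0" },
    "node_modules/some-widget/node_modules/react": { version: "18.3.1" },
    "node_modules/lodash": { version: "4.17.21" },
  },
};

// Print a report; returns the hits so callers can fail a CI job on length > 0.
function report(lockfile = SAMPLE_LOCK) {
  const outdated = findOutdated(lockfile);
  for (const h of outdated) {
    console.log(`OUTDATED ${h.path} ${h.version} < ${FIXED_VERSION}`);
  }
  console.log(`Content-Security-Policy: ${buildCsp("replace-with-per-response-nonce")}`);
  return outdated;
}

report();
```

In CI, replace SAMPLE_LOCK with the parsed package-lock.json and fail the job when report() returns a non-empty list; the nonce passed to buildCsp must be freshly generated per response (for example from crypto.randomBytes) and the same value placed on every script tag the SSR output emits.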

Affected Files

  • src/pages/Dashboard.tsx
  • src/pages/Profile.tsx
  • src/components/UserCard.tsx (renders user-generated content)

Related Security Issue

This compounds the lodash vulnerability in ui-component-library#6 (closed)

cc: @jean_gabriel @bob