This seems like a really big deal! It affects NextJS 15, even if the codebase isn't using Server Components, has a CVSS vulnerability score of 10/10, and there are known exploits in the wild. Can't see this doing wonders to the reputation of React Server Components.