We found that the fix to address the DoS vulnerability in React was incomplete