@ArturZ has provided custom signatures for BigFix Inventory that are a first pass at detecting the affected React Server Components. Consider this a rapid-release 'best effort', subject to the same caveats as our early-release Log4j detections at Log4j Vulnerability Identification and 3rd Party Remediation Solution Testing Statement. Which is to say, I give Artur all of the thanks and none of the blame.
- https://bigfix.me/signature/details/1266 contains the signatures for react-server-components that are believed to be safe.
- https://bigfix.me/signature/details/1267 contains a signature for react-server-components that are known to be affected by the CVE.
Known issue: at this time, the signatures only detect the direct installation of react-server-components; I expect they do not detect the bundled versions provided by 'next' or 'vitejs-plugin-rsc', but may well detect the bundled versions that are loaded as dependencies for 'react-router', 'expo', or 'redwood sdk'. If any of you are running known versions of any of those products, I'd greatly appreciate your feedback on scan results.
The process for using both custom signatures is the same:
- Download the signature file from the URL provided above for each type of discovery.
- Log in to BigFix Inventory.
- Go to Management → Catalog Customization.
- Import the file with the custom signature.
- Run an import process.
- Make sure that the catalog was propagated to the endpoints (the automatically created propagation action has run on all applicable endpoints).
- Run a software scan on the endpoints.
- Ensure the Upload Software Scan Result fixlet is running.
- Run an import process to import the scan results.
- Verify the results on the reports.
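To cross-check the scan results against the known issue above (direct installs detected, bundled copies possibly missed), here is an added example, not part of the original post or of the BigFix signatures, that walks a project tree and lists every on-disk copy of a package, flagging whether it is a top-level install or nested under another package such as 'next'. The package name and the two versions in the constructed sample tree are hypothetical placeholders; substitute the npm package name(s) the signature actually matches.

```python
import json
import os
import tempfile
from pathlib import Path

# Hypothetical package name for the constructed sample; substitute the npm
# package name(s) that the BigFix signature matches when running for real.
PACKAGE_NAME = "react-server-components"


def find_package_installs(root, package_name):
    """List every copy of `package_name` under `root` with its version and
    whether it is a direct (top-level) install or bundled under another package.
    Note: a dependency inlined into a bundler's dist output leaves no manifest
    on disk, so this check cannot see it either."""
    root = Path(root).resolve()
    suffix = "node_modules/" + package_name
    found = []
    for dirpath, _dirs, files in os.walk(root):
        pkg_dir = Path(dirpath)
        if "package.json" not in files or not pkg_dir.as_posix().endswith(suffix):
            continue
        try:
            with open(pkg_dir / "package.json", encoding="utf-8") as fh:
                meta = json.load(fh)
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip rather than guess
        if meta.get("name") != package_name:
            continue
        # Every "node_modules" component above this one means another package
        # pulled it in; the directory after the previous one names that parent.
        parts = pkg_dir.relative_to(root).parts
        nm_idx = [i for i, part in enumerate(parts) if part == "node_modules"]
        parent = None
        if len(nm_idx) > 1:
            i = nm_idx[-2] + 1
            parent = parts[i] + ("/" + parts[i + 1] if parts[i].startswith("@") else "")
        found.append({"version": meta.get("version"), "path": str(pkg_dir),
                      "install": "bundled" if parent else "direct", "bundled_by": parent})
    return sorted(found, key=lambda r: r["path"])


def build_sample_tree(base):
    """Constructed sample (placeholder versions): one direct install, one nested under 'next'."""
    for rel, version in (("node_modules/" + PACKAGE_NAME, "1.0.0"),
                         ("node_modules/next/node_modules/" + PACKAGE_NAME, "0.9.0")):
        d = Path(base) / rel
        d.mkdir(parents=True)
        (d / "package.json").write_text(json.dumps({"name": PACKAGE_NAME, "version": version}))


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return find_package_installs(tmp, PACKAGE_NAME)


if __name__ == "__main__":
    for r in demo():
        print(r["install"], r["version"], r["bundled_by"] or "-", r["path"])
```

Run `find_package_installs("/path/to/app", "<package>")` against a real deployment and compare the bundled entries with what the BigFix Inventory report shows; any copy listed here but absent from the report is a detection gap worth feeding back.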