zlacker

[return to "Critical RCE Vulnerabilities in React and Next.js"]
1. tinco+66[view] [source] 2025-12-03 16:29:04
>>gonepi+(OP)
Unsafe deserialization is a very 2010 Ruby on Rails sort of vulnerability. It is strangely interesting that such a vulnerability was introduced so late in the lifetime of these frameworks. It must be a very sneaky vulnerability given how cautious we have become around deserialization since then.
◧◩
2. Tomuus+Z8[view] [source] 2025-12-03 16:42:12
>>tinco+66
The React Server Components wire format (Flight) is relatively novel and very new (it has existed in React stable for just a year). This is not a simple JSON parsing bug.
[go to top]