zlacker

[return to "RCE Vulnerability in React and Next.js"]
1. AgentK+V[view] [source] 2025-12-03 16:04:20
>>rayhaa+(OP)
CVE 10.0 is bonkers for a project this widely used
◧◩
2. nine_k+7p[view] [source] 2025-12-03 17:49:44
>>AgentK+V
The packages affected, like [1], literally say:

> Experimental React Flight bindings for DOM using Webpack.

> Use it at your own risk.

311,955 weekly downloads though :-|

[1]: https://www.npmjs.com/package/react-server-dom-webpack

[go to top]