zlacker

[return to "RCE Vulnerability in React and Next.js"]
1. z3ratu+682[view] [source] 2025-12-04 05:51:25
>>rayhaa+(OP)
there can be no React RCE. if it is on the frontend, it is a browser RCE. if it is on the backend, then, as in this case it is a Next.js RCE.
◧◩
2. Tomuus+Up2[view] [source] 2025-12-04 08:56:48
>>z3ratu+682
The vulnerable code exists inside of the React Flight wire protocol that is used by Next.js but also Vite, Parcel, Waku and any other custom RSC implementation that exists. Your comment was accurate circa 2019 but not since React released server components.
[go to top]