zlacker

[return to "RCE Vulnerability in React and Next.js"]
1. z3ratu+682[view] [source] 2025-12-04 05:51:25
>>rayhaa+(OP)
there can be no React RCE. if it is on the frontend, it is a browser RCE. if it is on the backend, then, as in this case it is a Next.js RCE.
◧◩
2. steve_+GN3[view] [source] 2025-12-04 17:58:34
>>z3ratu+682
You're wrong, but this is one of the unsettling things about the vulnerability and what React has become. Intuitively, you'd think a view library can't have RCE vulnerabilities like this. But that's not what React is anymore.
[go to top]