zlacker

[return to "RCE Vulnerability in React and Next.js"]
1. samdoe+3R[view] [source] 2025-12-03 20:04:05
>>rayhaa+(OP)
This is genuinely embarrassing for the Next.js and React teams. They were warned for years that their approach to server-client communication had risks, derided and ignored everyone who didn't provide unconditional praise, and now this.

I think their time as Javascript thought leaders is past due.

◧◩
2. zbentl+cF4[view] [source] 2025-12-04 22:21:31
>>samdoe+3R
Curious, not critical: got links to the warnings that were given about this approach over the years?

I’m interested in learning more about the history here.

[go to top]