zlacker

1. karimf+(OP) 2025-12-03 17:00:38
Dang, Cloudflare is moving fast. Cloudflare WAF proactively protects against React vulnerability https://blog.cloudflare.com/waf-rules-react-vulnerability/
replies(2): >>xnorsw+C >>bradly+g3
2. xnorsw+C 2025-12-03 17:03:03
>>karimf+(OP)
This is what coordinated disclosure looks like.
replies(1): >>karimf+o2
3. karimf+o2 2025-12-03 17:10:57
>>xnorsw+C
Given that most Next.js and RSC apps run on Vercel, I’m wondering if they’re doing the same thing. There’s no information about this in their latest blog post [0].

Update: They do a similar thing. Mentioned here [1].

[0] https://nextjs.org/blog/CVE-2025-66478

[1] https://vercel.com/changelog/cve-2025-55182

4. bradly+g3 2025-12-03 17:14:54
>>karimf+(OP)
Would be interesting to hear from Cloudflare the extent of exploitation before today. I'm assuming they can see if/when this started being exploited.