zlacker
[parent]
[thread]
3 comments
1. clucki+(OP)
[view]
[source]
2025-12-03 21:34:57
”use server” is not required for this vulnerability to be exploitable.
replies(1):
>>sysgue+eb1
◧
2. sysgue+eb1
[view]
[source]
2025-12-04 08:09:59
>>clucki+(OP)
wait I'm only using React for SPA (no server rendering)
am I also vulnerable??????
replies(2):
>>clucki+Ae1
>>__jona+7K1
◧◩
3. clucki+Ae1
[view]
[source]
[discussion]
2025-12-04 08:45:13
>>sysgue+eb1
Only if you are running a vulnerable version of Next.js server.
◧◩
4. __jona+7K1
[view]
[source]
[discussion]
2025-12-04 13:02:21
>>sysgue+eb1
No, unless you run the React Server Component runtime on your server, which you wouldn't do with a SPA, you would just serve a static bundle.
[go to top]