编译 | Tina、冬梅上周刚追完 10 级补丁,以为能喘口气了?还不行。12 月 12 日,React 官方确认,研究人员在验证上周补丁时,竟又在 React Server ...
如果你在用 React 19 / Next.js 15 / 16, 这篇就当是一个温柔但坚决的催命信: Vercel 已经出手,在它的全球 Web Application Firewall(WAF)上, 加了一层拦截规则,免费帮所有托管在上面的项目挡一波。
近期,聚铭安全攻防实验室监测发现了一项与React Server Components相关的远程代码执行漏洞, 该漏洞已被披露,编号为 CVE-2025-55182,CVSS 评分为 10.0 。
A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.
A newly discovered security flaw in the React ecosystem — one of the most widely used technologies on the web — is prompting ...
Critical RSC flaws in React and Next.js enable unauthenticated remote code execution; users should update to patched versions ...
InfoQ中国 on MSN
紧急补丁——React服务器函数中的严重漏洞CVE-2025-55182被主动利用
11月29日, Lachlan Davidson 报告了React Server Components(RSC)中一个未经身份验证的远程代码执行(RCE)漏洞。该漏洞于12月3日公开披露,并被追踪为 CVE-2025-55182 ...
React2Shell (CVE-2025-55182) is a critical vulnerability affecting the most widely used React-based services across the web ...
A CVSS 10 rate critical vulnerability impacts React Server Components in versions 19.0–19.2.0. A patched update has been ...
A critical-severity vulnerability impacting the popular React open-source library deserves attention, but is far from the ...
当前正在显示可能无法访问的结果。
隐藏无法访问的结果
反馈