编译 | Tina、冬梅上周刚追完 10 级补丁,以为能喘口气了?还不行。12 月 12 日,React 官方确认,研究人员在验证上周补丁时,竟又在 React Server ...
如果你在用 React 19 / Next.js 15 / 16, 这篇就当是一个温柔但坚决的催命信: Vercel 已经出手,在它的全球 Web Application Firewall(WAF)上, 加了一层拦截规则,免费帮所有托管在上面的项目挡一波。
近期,聚铭安全攻防实验室监测发现了一项与React Server Components相关的远程代码执行漏洞, 该漏洞已被披露,编号为 CVE-2025-55182,CVSS 评分为 10.0 。
A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.
Attackers are using the vulnerability to deploy malware and crypto-mining software, compromising server resources and ...
A newly discovered security flaw in the React ecosystem — one of the most widely used technologies on the web — is prompting ...
In early December 2025, the React core team disclosed two new vulnerabilities affecting React Server Components (RSC). These issues – Denial-of-Service and Source Code Exposure were found by security ...
Critical RSC flaws in React and Next.js enable unauthenticated remote code execution; users should update to patched versions ...
React2Shell (CVE-2025-55182) is a critical vulnerability affecting the most widely used React-based services across the web ...
A CVSS 10 rate critical vulnerability impacts React Server Components in versions 19.0–19.2.0. A patched update has been ...
当前正在显示可能无法访问的结果。
隐藏无法访问的结果
反馈