(react.dev)

298 points sangeeth96 | 2 comments | 11 Dec 25 20:46 UTC | HN request time: 0s | source

Show context

tagraves ◴[11 Dec 25 21:53 UTC] No.46237728[source]▶

It's really concerning that the biggest, most eye-grabbing part of this posting is the note with the following: "It’s common for critical CVEs to uncover follow‑up vulnerabilities."

Trying to justify the CVE before fully explaining the scope of the CVE, who is affected, or how to mitigate it -- yikes.

replies(8): >>46237817 #>>46237826 #>>46237920 #>>46238009 #>>46238017 #>>46238302 #>>46239090 #>>46241026 #

1. zwnow ◴[11 Dec 25 22:01 UTC] No.46237826[source]▶

>>46237728 #

Welcome to the React, Next, Vercel ecosystem. Our tech may be shite but we look fancy.

replies(1): >>46238571 #

2. brazukadev ◴[11 Dec 25 23:03 UTC] No.46238571[source]▶

>>46237826 (TP) #

The Vercel CEO post congratulating his team for how they managed the vulnerability was funny

↑

Denial of service and source code exposure in React Server Components