(react.dev)

298 points sangeeth96 | 1 comments | 11 Dec 25 20:46 UTC | HN request time: 0.2s | source

Show context

tagraves ◴[11 Dec 25 21:53 UTC] No.46237728[source]▶

It's really concerning that the biggest, most eye-grabbing part of this posting is the note with the following: "It’s common for critical CVEs to uncover follow‑up vulnerabilities."

Trying to justify the CVE before fully explaining the scope of the CVE, who is affected, or how to mitigate it -- yikes.

replies(8): >>46237817 #>>46237826 #>>46237920 #>>46238009 #>>46238017 #>>46238302 #>>46239090 #>>46241026 #

treesknees ◴[11 Dec 25 22:01 UTC] No.46237817[source]▶

>>46237728 #

What’s concerning about it? The first thing I thought when I read the headline was “wow, another react CVE?” It’s not a justification, it’s an explanation to the most obvious immediate question.

replies(3): >>46237975 #>>46238064 #>>46238562 #

1. tom1337 ◴[11 Dec 25 22:20 UTC] No.46238064[source]▶

>>46237817 #

But it is another React CVE. Doesn't really matter why it was uncovered, it's bad that it existed either way

↑

Denial of service and source code exposure in React Server Components