(react.dev)

298 points sangeeth96 | 1 comments | 11 Dec 25 20:46 UTC | HN request time: 0s | source

See also: https://blog.cloudflare.com/react2shell-rsc-vulnerabilities-..., https://nextjs.org/blog/security-update-2025-12-11

Show context

yread ◴[11 Dec 25 22:28 UTC] No.46238173[source]▶

>>46236924 (OP) #

Were there not enough eyes on React Server Components before the patches from last week?

replies(2): >>46238327 #>>46239398 #

1. Inviz ◴[11 Dec 25 22:40 UTC] No.46238327[source]▶

>>46238173 #

have you seen the code of next.js? its completely impenetrable, and the packages have legacy versions of the same files coexisting, it's like huge hairball

↑

Denial of service and source code exposure in React Server Components