(react.dev)

298 points sangeeth96 | 1 comments | 11 Dec 25 20:46 UTC | HN request time: 0.198s | source

See also: https://blog.cloudflare.com/react2shell-rsc-vulnerabilities-..., https://nextjs.org/blog/security-update-2025-12-11

1. ydj ◴[12 Dec 25 01:04 UTC] No.46239665[source]▶

>>46236924 (OP) #

I noticed requests that were exploiting the vulnerability were turning into timeouts pretty much immediately after rolling out the patch. I’m surprised it took so long for it to be announced.

↑

Denial of service and source code exposure in React Server Components