(react.dev)

298 points sangeeth96 | 1 comments | 11 Dec 25 20:46 UTC | HN request time: 0s | source

Show context

tagraves ◴[11 Dec 25 21:53 UTC] No.46237728[source]▶

It's really concerning that the biggest, most eye-grabbing part of this posting is the note with the following: "It’s common for critical CVEs to uncover follow‑up vulnerabilities."

Trying to justify the CVE before fully explaining the scope of the CVE, who is affected, or how to mitigate it -- yikes.

replies(8): >>46237817 #>>46237826 #>>46237920 #>>46238009 #>>46238017 #>>46238302 #>>46239090 #>>46241026 #

hitekker ◴[11 Dec 25 22:38 UTC] No.46238302[source]▶

>>46237728 #

There are a lot of careers riding on the optics here.

replies(1): >>46241564 #

1. IceDane ◴[12 Dec 25 06:59 UTC] No.46241564[source]▶

>>46238302 #

No, there aren't. The react team isn't going to axe half the team because there's a high severity CVE.

↑

Denial of service and source code exposure in React Server Components