(react.dev)

298 points sangeeth96 | 1 comments | 11 Dec 25 20:46 UTC | HN request time: 0s | source

Show context

rikafurude21 ◴[11 Dec 25 21:23 UTC] No.46237343[source]▶

Im confused, did the update from last week for the RCE bug also include fixes for these new CVEs or will I need to update again? npm audit says theres no issues

replies(3): >>46237389 #>>46238088 #>>46238360 #

theogravity ◴[11 Dec 25 22:43 UTC] No.46238360[source]▶

>>46237343 #

You need to update again.

replies(2): >>46238948 #>>46241635 #

1. qingcharles ◴[12 Dec 25 07:12 UTC] No.46241635[source]▶

>>46238360 #

My Umami stats box got "pwned" about 15 mins after the last CVE was published and I spent an hour or so cleaning up that mess and upgrading everything. Not looking forward to doing it again today.

↑

Denial of service and source code exposure in React Server Components