React, Next.js disclose follow-up vulnerabilities, again urge users to patch immediately
(cybernews.com)
from chasteinsect@programming.dev to programming@programming.dev on 12 Dec 14:33
https://programming.dev/post/42261137
from chasteinsect@programming.dev to programming@programming.dev on 12 Dec 14:33
https://programming.dev/post/42261137
“React is once again urging developers to update immediately, as researchers have discovered two additional vulnerabilities in React Server Components while testing the previous patch. These bugs also affect Next.js, and likely other popular React frameworks.
The flaws are not as serious as the critical “worst case scenario” bug, disclosed last week, and do not allow for remote code execution. However, they enable attackers to perform denial-of-service attacks and expose source code.”
#programming
threaded - newest