A critical vulnerability has been discovered in the React Server Components (RSC) protocol. The dev community should take note and stay up to date to protect their applications.
#React #RSC #Vulnerability #BảoMật #LỗHổng #DevOps #Frontend
If you're running #React or #NextJS, make sure to patch! We've also just applied the Fastly WAF rule for this. https://www.msn.com/en-us/news/technology/exploitation-is-imminent-as-39-percent-of-cloud-environs-have-max-severity-react-hole/ar-AA1REzDd
Re-learning some #react after a year or so not using it much. Moment of friction: forgetting to add `event.preventDefault()` to a form submit handler; otherwise data is thrashed because of a page reload. I'm suddenly having the feeling react should do this for me, although I don't think I ever would have thought that before when I was writing tons of JavaScript daily.
the bad news: lots of sloppity slop PoCs (slopocs???) abounding for the critical pre-auth React RCE
the good news: more time for you to patch your #React & #Nextjs apps ✨
my write up from yesterday on what to know & what to do: https://www.fastly.com/blog/fastlys-proactive-protection-critical-react-rce-cve-2025-55182
@earth_walker I wanted to switch to Astro + Solid but there are a few annoying things:
- different syntax between server and client components
- Astro div element that wraps all client components and can interfere with your composition
Now I'm looking into MarkoJS which could solve this and more.
#webdev #markojs #react #nextjs
‼️ A critical security vulnerability in React Server Components has been disclosed, and it also affects Next.js. The flaw is in the react-server-dom-webpack package and allows an attacker to execute their code directly on the server.
‼️ Update urgently, because it is already known how to exploit this vulnerability.
https://www.hackerattack.de/blog/nextjs-und-react-components-functions.html
RCE Vulnerability in React and Next.js
https://github.com/vercel/next.js/security/advisories/GHSA-9qr9-h5gf-34mp
Critical Security Vulnerability in React Server Components, by @react.dev:
https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
Rendering Excel in React: an experimental prototype with merges and the original structure
It's me again, Dmitry, a React developer, and this time we'll talk about building a foundation for further development. The idea is to make a React component that can render an Excel file as a regular HTML table with all cell merges, formatting, multiple header rows and a fully preserved structure. It would seem a simple task: take any library, read the file and display it. In practice, everything turned out to be much more interesting.
https://habr.com/ru/companies/gnivc/articles/972012/
#excel #react #reactjs #html #frontendразработка #frontend #xlsx #javascript #фронтенд #фронтендразработка
On the same topic:
"Developers urged to update React and Next.js"
👇
https://www.lemondeinformatique.fr/actualites/lire-les-developpeurs-presses-de-mettre-a-jour-react-et-nextjs-98704.html
Since I started to analyze #CVE-2025-55182 (#React, #NextJS #RCE) at work today, I decided to publish my analysis findings so far, given all the fuzz about the vulnerability: https://github.com/msanft/CVE-2025-55182
Feel free to contribute to the search for a proper RCE sink!
I will never understand the urge to use a library designed to provide reactive DOM updates as a server framework. Here I am, wasting time parametrising my queries while some are shipping unprotected “eval()” in what looks like a very abstracted gRPC service.
https://github.com/vercel/next.js/security/advisories/GHSA-9qr9-h5gf-34mp