Critical Security Vulnerability in React Server Components
70 points by nomaxx117
by lioeters
0 subcomment
> An unauthenticated attacker could craft a malicious HTTP request to any Server Function endpoint that, when deserialized by React, achieves remote code execution on the server. ..Affected: next, react-router, waku, @parcel/rsc, @vitejs/plugin-rsc, and rwsdk.
Oof, that's bad. Good thing I've only used RSC for static site generation and don't run it on a production server.
by bek-shoyatbek
0 subcomment
React first caused Cloudflare down with simple hook then now, a new feature server components causing an issue... I would rather be coding with HTMX....
Hacker News