近期，聚铭安全攻防实验室监测发现了一项与React Server Components相关的远程代码执行漏洞， 该漏洞已被披露，编号为 CVE-2025-55182，CVSS 评分为 10.0 。

A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.

Next.js 发布了一款名为 fix-react2shell-next 的专用命令行工具，帮助开发者快速检测并修复高危"React2Shell"漏洞（CVE-2025-66478）。这款新型扫描器提供单行命令解决方案，可识别存在漏洞的 ...

A newly discovered security flaw in the React ecosystem — one of the most widely used technologies on the web — is prompting ...

此漏洞被披露为 CVE-2025-55182，并被评为 CVSS 10.0。React Server Functions 允许客户端调用服务器上的函数，React 将客户端的请求转换为 HTTP 请求，并将这些请求转发到服务器。在服务器上，React 将 HTTP 请求转换为函数调用，并将所需数据返回给客户端。 未经身份验证的攻击者可以构造一个恶意的 HTTP 请求，发送到任何 Server ...

This article was originally published on Built In by Alex Zito-Wolf. React JS is a JavaScript framework with 10 years of maturity and a huge community supporting its growth and development. But you ...

Critical vulnerability in React library should be treated by IT as they did Log4j - as an emergency, warns one expert.

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Vivek Yadav, an engineering manager from ...

React.js is among the most well-known front-end libraries used for building user interfaces. You will benefit from the service of a react.js development company when you need a solution from an ...