Patch now! Attacks on the React2Shell vulnerability are starting
Because of ongoing attacks, admins should promptly bring their React servers up to date.
#Cyberangriff #Exploit #IT #React #Security #Sicherheitslücken #Updates #news
👋 Say hello to Drupal Canvas, a visual page builder now live for early testing. Build beautiful custom websites using a modern drag-and-drop, component-based interface. Try it and join the conversation.
🚀 This is the first stable milestone in a massive community-driven effort to modernize building with Drupal.
🔗 Learn more at https://www.drupal.org/blog/drupal-canvas-is-now-available-inside-drupals-new-visual-page-builder
“Working weaponized” POC exploit now available… https://www.rapid7.com/blog/post/etr-react2shell-cve-2025-55182-critical-unauthenticated-rce-affecting-react-server-components/ #react
Critical Security Vulnerability in #React Server Components 🍿
https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
Why use #React? "This isn’t a rhetorical question. I genuinely want to know why devs choose to build using React. There are many reasons. Alas, none of them relate directly to user experience, other than productive devs will make better websites. (Citation needed.)" https://adactio.com/journal/22265
UPDATE - It turns out this "proof of concept" was AI slop code where the AI just made a super vulnerable server instead of any exploit demo. Bc, of course it did.
Original:
There's an epic react server component RCE exploit making the rounds today.
A proof of concept just dropped. Probably wanna patch this rapidly.
And to be clear this is a real vulnerability in React which still ought to be patched.
More details on these vulnerabilities and how to mitigate is linked below 👇🏿
I will never understand the urge to use a library designed to provide reactive DOM updates as a server framework. Here I am, wasting time parametrising my queries while some are shipping unprotected “eval()” in what looks like a very abstracted gRPC service.
https://github.com/vercel/next.js/security/advisories/GHSA-9qr9-h5gf-34mp
Critical RCE Vulnerabilities in React and Next.js
https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182
#HackerNews #CriticalRCE #Vulnerabilities #React #Nextjs #Cybersecurity #Vulnerabilities #CVE-2025-55182
@danabra.mov What I haven't read much about is what bounds the cache size, or more importantly: can I be confident that a process won't crash with an out of memory error caused by using Cache Components?
github.com##.AppHeader-CopilotChat
github.com##copilot-dashboard-entrypoint
github.com##.prc-ButtonGroup-ButtonGroup-vcMeG.DiffLinesMenu-module__diff-button-container--UrMbh
github.com##.DiffHeaderAskCopilotButton-module__askCopilotButton--XnBQK.prc-Button-ButtonBase-c50BI
github.com###copilot-md-menu-anchor-new_comment_field
github.com##a[href^="https://copilot-workspace.githubnext.com"]
github.com###copilot-md-menu-anchor-pull_request_body
github.com##.lnwIhU.Box-sc-g0xbh4-0 > .octicon-copilot.octicon > path
github.com##li:has(> ul > li#query-builder-test-result-ask-copilot)
github.com##li.ActionList-sectionDivider[aria-hidden="true"]
github.com##div:has(> button[data-testid="copilot-ask-menu"])
github.com##div[data-test-id="copilot-actions-chat-button"]
github.com##div.dropdown-divider:has(+span[data-target="copilot-diff-entry.menuItemsSlot"])
github.com##span[data-target="copilot-diff-entry.menuItemsSlot"]
github.com##react-partial[partial-name="copilot-code-chat"]
github.com##.copilotPreview__container
github.com##button[id^="copilot-md-menu-anchor"]
github.com##div:has(> button[id^="copilot-md-menu-anchor"]) + hr
github.com##li:has(> ul > li#query-builder-test-result-chat-with-copilot)
github.com##span:has(> p > span[data-assignee-name="Copilot"])
github.com##div:has(> div > div > a[data-testid="open-in-copilot-agent-button"])
github.com##command-palette-item[data-item-id="2918418660"]
github.com##li.prc-ActionList-Divider-rsZFG
github.com##li:has-text(/Ask about this diff/)
github.com##div[class*="CopilotWorkspaceButton"]
github.com##li[class="ActionListItem ActionListItem--hasSubItem"]:has(ul > li[data-item-id="repo_settings_copilot_swe_agent"])
github.com##svg.octicon.octicon-copilot
github.com##span[class="ActionListItem-label"]:has-text(Copilot)
github.com##li:has(> div > span:has-text(/Explain error/))
github.com##div[class*="CopilotAgentModeButton"]
github.com##button:has(> span:has-text(/Try the new experience/))
github.com##g-emoji[alias="sparkles"]
github.com##inline-machine-translation