A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.
Attackers are using the vulnerability to deploy malware and crypto-mining software, compromising server resources and potentially intercepting wallet interactions on crypto platforms.
The explosive, easy-to-trigger vulnerability was exploited within hours of disclosure, exposing the risks of default ...
Attackers are exploiting a Flight protocol validation failure that allows them to execute arbitrary code without ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback