React/Next.js 曝满分RCE漏洞,无需认证即可远程代码执行

近期,聚铭安全攻防实验室监测发现了一项与React Server Components相关的远程代码执行漏洞, 该漏洞已被披露,编号为 CVE-2025-55182,CVSS 评分为 10.0 。 该漏洞主要波及react-server-dom-webpack的Server Actions功能。由于在处理客户端提交的表单数据时,系统未能实施充分的安全性校验,导致攻击者能够通过精心设计的恶意表单请求 ...
InfoWorld

8 more React hooks you need to know about

useState is the most well-known hook for using functional components in React, but it's just a start. Here are eight more React hooks, and how to use them. React remains the pacesetter among ...

React 警告关键高危漏洞:可未经身份验证远程执行代码,快快升级

此漏洞被披露为 CVE-2025-55182,并被评为 CVSS 10.0。React Server Functions 允许客户端调用服务器上的函数,React 将客户端的请求转换为 HTTP 请求,并将这些请求转发到服务器。在服务器上,React 将 HTTP 请求转换为函数调用,并将所需数据返回给客户端。 未经身份验证的攻击者可以构造一个恶意的 HTTP 请求,发送到任何 Server ...

Critical vulnerability in React JS framework has a near 100% chance to be exploited

Researchers have uncovered a critical security flaw that could have catastrophic consequences for web and private cloud ...