React


Douglas Crockford

Dec 4, 2025, 8:41:20 AM
to friam
JavaScript servers running React have a major vulnerability. It seems that it can be tricked into evalling payloads that were Base64 encoded. This seems like a first-semester design error, but it is fully, widely, consistently exploitable.

My advice is to never use React on either end of the network. That said, React is very pop-u-a-lar.
