The React2Shell vulnerability allows remote code execution in React and Next.js applications through insecure deserialization of React Server Components payloads in the "Flight" protocol. Developers are urged to update the affected packages to patched versions to close off exploitation. #ReactServerComponents #Next.jsSecurity
Key points
- The "React2Shell" flaw enables remote code execution in React and Next.js through insecure deserialization of Flight payloads sent to server functions.
- The vulnerability is present in default configurations of the React Server Components packages, including react-server-dom-parcel and react-server-dom-webpack.
- React 19.0, 19.1 and 19.2 are affected, as are Next.js releases that bundle those React versions, including the 14.3.0 canary line.
- Wiz and Endor Labs warn that the flaw is easy to exploit and that vulnerable deployments are widespread in cloud environments.
- Organizations should apply the security patches immediately and audit their dependency trees for vulnerable versions, including copies nested under other packages.
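The audit step above is easy to get wrong by hand because the vulnerable code lives in the react-server-dom-* packages rather than in react itself, and a copy can sit nested under another dependency. The following is an added example, not code from the advisory, from Wiz, from Endor Labs or from the React project: a small Node script that walks an npm lockfile (package-lock.json v2/v3 shape) and reports every react-server-dom-webpack, react-server-dom-parcel or react-server-dom-turbopack entry in the affected range. The first patched patch levels used here (19.0.1, 19.1.2, 19.2.1) are an assumption taken from the React security release and should be confirmed against the current advisory; the sample lockfile is constructed for the demo.

```javascript
// Added example (not the advisory's or the React project's own code): scan an
// npm lockfile for React Server Components packages in the affected range.
// Usage: node rsc-audit.js package-lock.json   (falls back to the sample below)

const AFFECTED_PACKAGES = new Set([
  "react-server-dom-webpack",
  "react-server-dom-parcel",
  "react-server-dom-turbopack",
]);

// First patched patch level for each affected minor of React 19.
// ASSUMPTION: taken from the React security release; confirm before relying on it.
const FIRST_FIXED_PATCH = { 0: 1, 1: 2, 2: 1 };

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-(.+))?$/.exec(v);
  if (!m) return null;
  return { major: +m[1], minor: +m[2], patch: +m[3], pre: m[4] || null };
}

// True when the version falls before the first fixed release of its minor.
// Prereleases of the fixed patch level (e.g. 19.2.1-canary-...) are treated
// as unpatched, since a canary may predate the fix; review those by hand.
function isVulnerableVersion(version) {
  const p = parseVersion(version);
  if (!p || p.major !== 19 || !(p.minor in FIRST_FIXED_PATCH)) return false;
  const fixed = FIRST_FIXED_PATCH[p.minor];
  if (p.patch < fixed) return true;
  return p.patch === fixed && p.pre !== null;
}

// Walks lockfile.packages; keys look like "node_modules/react-server-dom-webpack"
// or, for nested copies, "node_modules/some-lib/node_modules/react-server-dom-webpack".
function findVulnerableRsc(lockfile) {
  const findings = [];
  for (const [path, entry] of Object.entries(lockfile.packages || {})) {
    const name = path.split("node_modules/").pop();
    if (!AFFECTED_PACKAGES.has(name) || !entry.version) continue;
    if (isVulnerableVersion(entry.version)) {
      findings.push({ path, name, version: entry.version });
    }
  }
  return findings;
}

// Constructed sample lockfile for demonstration; not from any real project.
// Note that "react" itself is not flagged: the deserialization code is in the
// react-server-dom-* packages, so auditing only the react version misses it.
const SAMPLE_LOCKFILE = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/react": { version: "19.2.0" },
    "node_modules/react-server-dom-webpack": { version: "19.2.0" },
    "node_modules/react-server-dom-parcel": { version: "19.1.2" },
    "node_modules/some-lib/node_modules/react-server-dom-turbopack": { version: "19.0.0" },
  },
};

if (typeof require !== "undefined" && require.main === module) {
  const file = process.argv[2];
  const lock = file
    ? JSON.parse(require("fs").readFileSync(file, "utf8"))
    : SAMPLE_LOCKFILE;
  const findings = findVulnerableRsc(lock);
  for (const f of findings) {
    console.log(`${f.path}: ${f.name}@${f.version} is in the affected range`);
  }
  if (findings.length === 0) console.log("no affected react-server-dom-* versions found");
}
```

One caveat the script cannot cover: Next.js ships its own vendored copy of these packages inside the next package, so the version of next itself must also be checked against the vendor's advisory; a clean result here for react-server-dom-* does not clear a Next.js application.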