NextJS Security Vulnerability

34 points by connor11528 23 days ago · 6 comments

Reader

ChrisArchitect 23 days ago

Discussion: https://news.ycombinator.com/item?id=46136026

normie3000 23 days ago

This looks to be the same as the React RCE (https://news.ycombinator.com/item?id=46136026) but presumably it was NextJS's fault all along.

gcr 23 days ago

If anything, it’s exactly the opposite
embedding-shape 23 days ago

> but presumably it was NextJS's fault all along.
So lazy, why are you presuming so? You just had to get to the second paragraph of the article to avoid spewing FUD...
> This vulnerability originates in the upstream React implementation (CVE-2025-55182
- tom1337 23 days ago
  
  They are probably referring to Vercel playing a big part in the implementation of RSC and may be the ones who made that mistakes. Is it possible? Yes. Are there and sources for that take? None I could find.