Holy shit. I'm cooked. Massive security vulnerabilities in react

Jason Voorhees

It's like 7 am and I'm sweating after receiving this email. Scouring the internet to find a fix. I never even knew about this and got an email from vercel on one of my deployments informing me about it. Holy shit.





Explanation in this video. This is like 9/11 in terms of security vulnerabilities. Like critical level. Full Infrastructure Compromise. There goes my Sunday fixing this. Have to update everything and abstract everything out :feelswah:



If any of you niggas have it running on react or next.js I suggest you guys to fix it too @Glorious King @topology @HowToBasic
 
Math Reaction GIF by IFHT Films


my reaction
 
Sorry my nigga I was trying to download a illegal movie and looks like I fucked up your system accidentally

It's like 7 am and I'm sweating after receiving this email. Scouring the internet to find a fix. I never even knew about this and got an email from vercel on one of my deployments informing me about it. Holy shit.




Explanation in this video. This is like 9/11 in terms of security vulnerabilities. Like critical level. Full Infrastructure Compromise. There goes my morning fixing this :feelswah:


If any of you niggas have it running on react or next.js I suggest you guys to fix it too @Glorious King @topology @HowToBasic
It’s over :feelskek:
 
It's like 7 am and I'm sweating after receiving this email. Scouring the internet to find a fix. I never even knew about this and got an email from vercel on one of my deployments informing me about it. Holy shit.



Explanation in this video. This is like 9/11 in terms of security vulnerabilities. Like critical level. Full Infrastructure Compromise. There goes my morning fixing this :feelswah:


If any of you niggas have it running on react or next.js I suggest you guys to fix it too @Glorious King @topology @HowToBasic
Idk anything about web development the only thing I have running is an api using my local host
 
the video was 100% necessary
 
Idk anything about web development the only thing I have running is an api using my local host
Then it isn't a problem. It's only a problem if you have prods running on a public web server using the vulnerable framework like I have
 
@Nexom @Swarthy Knight @BeanCelll @takethewhitepill @Lightskin Ethnic
 
@Nexom @Swarthy Knight @BeanCelll @takethewhitepill @Lightskin Ethnic
I didn't understand any of it, but you probably do some job with a very big responsibility :ogre:
 
"Vercel". Sounds like .org lingo :feelshaha:

But I hope you get thru it soon bhai. Wish I was smart enough to understand this :feelscry:
 
"Vercel". Sounds like .org lingo :feelshaha:

But I hope you get thru it soon bhai. Wish I was smart enough to understand this :feelscry:
It sounds a lot more complicated than it actually is. CVE-2025-55182 starts with CVE, which means Common vulnerabilities Exposure, followed by the year and a random number assigned to that specific vulnerability for the given year. These numbers are assigned by official CNA authority.

Think of the internet like a high security post office, and the React Server Components (RSC) flaw is like a problem with the letter service and scanning. Imagine that due to this vulnerability anyone can blow up the post office because of an issue with scanning. It's a true 10 on the CVSS scale (Common Vulnerability Scoring System). Vulnerabilities of this level are extremely rare and are the kind that cause catastrophic damage.
 
It sounds a lot more complicated than it actually is. CVE-2025-55182 starts with CVE, which means Common vulnerabilities Exposure, followed by the year and a random number assigned to that specific vulnerability for the given year. These numbers are assigned by official CNA authority.

Think of the internet like a high security post office, and the React Server Components (RSC) flaw is like a problem with the letter service and scanning. Imagine that due to this vulnerability anyone can blow up the post office because of an issue with scanning. It's a true 10 on the CVSS scale (Common Vulnerability Scoring System). Vulnerabilities of this level are extremely rare and are the kind that cause catastrophic damage.
@sub5mumbaifinalboss
 
It sounds a lot more complicated than it actually is. CVE-2025-55182 starts with CVE, which means Common vulnerabilities Exposure, followed by the year and a random number assigned to that specific vulnerability for the given year. These numbers are assigned by official CNA authority.

Think of the internet like a high security post office, and the React Server Components (RSC) flaw is like a problem with the letter service and scanning. Imagine that due to this vulnerability anyone can blow up the post office because of an issue with scanning. It's a true 10 on the CVSS scale (Common Vulnerability Scoring System). Vulnerabilities of this level are extremely rare and are the kind that cause catastrophic damage.
i think i lowk understand it
 
Update the versions, adjust code and deploy again.
I'm not surprised this was overlooked though. Web development is really messy; as it gets more complicated there are more potential exploits.
 
It's like 7 am and I'm sweating after receiving this email. Scouring the internet to find a fix. I never even knew about this and got an email from vercel on one of my deployments informing me about it. Holy shit.




Explanation in this video. This is like 9/11 in terms of security vulnerabilities. Like critical level. Full Infrastructure Compromise. There goes my Sunday fixing this. Have to update everything and abstract everything out :feelswah:


If any of you niggas have it running on react or next.js I suggest you guys to fix it too @Glorious King @topology @HowToBasic
HOLY FUCKING SHIT

I IGNORED THIS MAIL THINKING IT MUST BE SOME SHIT



NOW IM FUCKED

THANKS FOR RUINING MY WEEKEND :feelsokman:

 
