#react-server-components
#react-server-components
[ follow ]
#cve-2025-55182 #remote-code-execution #denial-of-service #nextjs #react-native #security #source-code-exposure
#cve-2025-55182
fromThisweekinreact
3 days agoReact
This Week In React #262: React2Shell, Fate, TanStack AI, React Grab, Formisch, Base UI | React Native 0.83, Reanimated 4.2, State of RN, Refined, Crypto, Worklets, Sheet Navigator | CSS, Temporal, Supply Chain, Firefox | This Week In React
Critical React Server Components vulnerability allows unauthenticated remote code execution; exploit is circulating widely and requires immediate upgrades for affected frameworks.
Information security
fromThe Hacker News
1 week agoCritical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation
A critical RSC deserialization vulnerability (CVE-2025-55182, React2Shell) enables unauthenticated remote code execution; patches released for react-server-dom packages and affected downstream frameworks.
fromThe Hacker News
1 week agoChinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability
Two hacking groups with ties to China have been observed weaponizing the newly disclosed security flaw in React Server Components (RSC) within hours of it becoming public knowledge. The vulnerability in question is CVE-2025-55182 (CVSS score: 10.0), aka React2Shell, which allows unauthenticated remote code execution. It has been addressed in React versions 19.0.1, 19.1.2, and 19.2.1. According to a new report shared by Amazon Web Services (AWS), two China-linked threat actors known as Earth Lamia and Jackpot Panda have been observed attempting to exploit the maximum-severity security flaw.
Information security
React
fromThisweekinreact
1 week agoThis Week In React #261: RSC vulnerability, Activity, ViewTransition, React Router, Sonner, Cedar, Storybook, Conform | RNRepo, Nitro Modules, Keyboard Controller, SET, Sheets, deep links | tsgo, Bun, WebGPU, Vite, oxfmt, Valibot | This Week In React
Upgrade React 19 immediately due to a critical Server Functions vulnerability that allows unauthenticated remote code execution via crafted HTTP requests to Server Function endpoints.
fromLogRocket Blog
2 months agoReact Server Components broke my app and I still don't know why - LogRocket Blog
The hype around the introduction of React Server Components (RSC) was undeniable. For the uninitiated, RSCs are a new way to build React apps that render components on the server, keeping code and data-fetching logic away from the client. The promise was appealing: a unified approach to server and client rendering, unmatched performance, and simpler data fetching, enough to convince many of us that this was the next best thing after cheese.
Web frameworks
fromkrasimirtsonev.com
3 months agoReact Server Components support without a framework
When I started researching, I found that there are solutions outside of Next.js, but they were either incomplete or tied to specific tools like Vite or esbuild. The more I dug, the more I realized that what we really have is a pattern without a proper implementation. It reminded me of Flux back in the day-a pattern that introduced new ideas but lacked clear direction on how those ideas should fit into existing applications.
React
React
fromHackernoon
3 years agoIf You're Going to Use Next.js - At Least Use it Right | HackerNoon
Next.js projects should prioritize server components and minimize client-side code.
Native APIs optimize performance better than third-party libraries in SSR contexts.
Utilize Tailwind CSS for styling instead of outdated libraries.
[ Load more ]