A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.
RCE flaw in React and Next.js is being actively exploited by China-nexus threat groups, prompting urgent patching and global mitigations.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback