top | item 46136907 (no title) karimf | 3 months ago Dang, Cloudflare is moving fast. Cloudflare WAF proactively protects against React vulnerability https://blog.cloudflare.com/waf-rules-react-vulnerability/ discuss order hn newest xnorswap|3 months ago This is what coordinated disclosure looks like. karimf|3 months ago Given that most Next.js and RSC apps run on Vercel, I’m wondering if they’re doing the same thing. There’s no information about this in their latest blog post [0].Update: They do similar thing. Mentioned here [1][0] https://nextjs.org/blog/CVE-2025-66478[1] https://vercel.com/changelog/cve-2025-55182 bradly|3 months ago Would be interesting to hear from Cloudflare the extent of exploitation before today. I'm assuming they can see if/when this started being exploited.
xnorswap|3 months ago This is what coordinated disclosure looks like. karimf|3 months ago Given that most Next.js and RSC apps run on Vercel, I’m wondering if they’re doing the same thing. There’s no information about this in their latest blog post [0].Update: They do similar thing. Mentioned here [1][0] https://nextjs.org/blog/CVE-2025-66478[1] https://vercel.com/changelog/cve-2025-55182
karimf|3 months ago Given that most Next.js and RSC apps run on Vercel, I’m wondering if they’re doing the same thing. There’s no information about this in their latest blog post [0].Update: They do similar thing. Mentioned here [1][0] https://nextjs.org/blog/CVE-2025-66478[1] https://vercel.com/changelog/cve-2025-55182
bradly|3 months ago Would be interesting to hear from Cloudflare the extent of exploitation before today. I'm assuming they can see if/when this started being exploited.
xnorswap|3 months ago
karimf|3 months ago
Update: They do similar thing. Mentioned here [1]
[0] https://nextjs.org/blog/CVE-2025-66478
[1] https://vercel.com/changelog/cve-2025-55182
bradly|3 months ago