top | item 46137768

(no title)

karimf | 3 months ago

> Projects hosted on Vercel benefit from platform-level protections that already block malicious request patterns associated with this issue.

https://vercel.com/changelog/cve-2025-55182

> Cloudflare WAF proactively protects against React vulnerability

https://blog.cloudflare.com/waf-rules-react-vulnerability/

discuss

Rauchg|3 months ago

We collaborated with many industry partners to proactively deploy mitigations due to the severity of the issue.

We still strongly recommend everyone to upgrade their Next, React, and other React meta-frameworks (peer)dependencies immediately.

vanwal_j|2 months ago

Does this include any provider that does not fall under USA CLOUD Act? This vulnerability disclosure timeline is a nightmare for us Europeans, it was fully disclosed yesterday late afternoon for us and I can trace back attack logs that happend during the night. I expect some downfalls from this.

I genuinely believe Next.JS is a great framework, but as an European developer working on software that should not touch anything related to CLOUD Act you're just telling me that Next.JS and React, despite being OSS, is not made for me anymore.

semiquaver|3 months ago

Does AWS WAF have a mitigation in place?

serhalp|3 months ago

Same for Netlify: https://www.netlify.com/changelog/2025-12-03-react-security-...

and Deno Deploy/Subhosting: https://deno.com/blog/react-server-functions-rce

unknown|2 months ago

[deleted]

Jnr|2 months ago

I patched and rebuilt what I could and added custom Crowdsec WAF rules for this, in case I missed something.