上周Cloudflare因應React Server Components重大漏洞進行緊急措施,導致多個網站出現500 Internal Server Error錯誤,斷線約半小時,影響流量達28%。此漏洞風險值高達10.0,駭客已開始濫用。
React團隊 公開 React 19伺服器端元件(Server Components)出現未經驗證遠端程式碼執行漏洞,編號CVE-2025-55182,官方評為CVSS10分的最高危險等級。該漏洞來自React伺服器端元件所使用的Flight通訊協定,牽連React19生態系的多項框架,其中以Next.js最受關注,Next.js則以CVE-2025-66478追蹤同一個問題。
Techub News 消息,據 Cointelegraph 報道,網絡安全非營利組織安全聯盟(SEAL)披露,近期通過開源前端 JavaScript 庫 React 的漏洞向網站植入加密貨幣竊取程序的攻擊呈上升趨勢。React 主要用於構建用戶界面,尤其在 Web 應用領域廣泛應用。React 團隊於 12 月 3 日披露,白帽黑客 Lachlan Davidson 發現該軟件存在安全漏洞,允許 ...
The issue, tracked as CVE-2025-55182, was disclosed on December 3 by the React team after being identified by white-hat ...
As reported by Cybernews, the React vulnerability, which enables external attackers to run privileged, arbitrary code on ...
A critical RCE flaw in React.js, dubbed React2Shell (CVE-2025-55182), has been disclosed with a maximum CVSS score of 10.0, posing severe risks for server-side implementations ...
In early December 2025, the React core team disclosed two new vulnerabilities affecting React Server Components (RSC). These issues – Denial-of-Service and Source Code Exposure were found by security ...
Hackers are exploiting a vulnerability in React to inject wallet-draining malware into cryptocurrency websites.
Cryptopolitan on MSN
React vulnerability sparks surge in crypto wallet drainers
SEAL Security researchers warned that a critical React flaw fueled a surge in wallet-draining attacks on crypto websites.
Hackers exploit a critical React JavaScript vulnerability, CVE-2025-55182, to deploy crypto wallet drainers on legitimate websites ...
某些結果已隱藏,因為您可能無法存取這些結果。
顯示無法存取的結果
意見反應