HackerTrans
トップ新着トレンドコメント過去質問紹介求人

gonepivoting

no profile record

投稿

Critical RCE Vulnerabilities in React and Next.js

wiz.io
134 ポイント·投稿者 gonepivoting·7 か月前·77 コメント

コメント

gonepivoting
·7 か月前·議論
Hey, researcher from Wiz here - we definitely didn't discover these vulns and all the credit goes to Lachlan Davidson. We have been investigating these vulns throughout the day and decided not to disclose the full extent of our conclusions or release a working exploit until more people get a chance to patch this (and as I mentioned in another comment, exploitation works out-of-the-box so you definitely should patch ASAP).
gonepivoting
·7 か月前·議論
Just to simplify this - our exploitation tests so far have shown that a standard Next.js application created via create-next-app and built for production is vulnerable to CVE-2025-66478 without any specific code modifications by the developer - so this is essentially exploitable out-of-the-box.
gonepivoting
·8 か月前·議論
We're monitoring this activity as well and updating the list of affected packages here: https://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-...

Currently reverse engineering the malicious payload and will share our findings within the next few hours.