A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.
Researchers found malicious VS Code extensions and Go, npm, and Rust packages stealing developer data via hidden payloads and exfiltration.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback