A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.
Attacker with local access could escalate privileges, Microsoft warns; analyst calls it ‘the most urgent concern’ this month.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback