📰 Updated 2026-05-09 10:00
🔸 The React2Shell Story
🔗 The React2Shell Story
🔥 41 points
Original text:
On November 30th 2025, I reported a critical remote code execution vulnerability (“React2Shell”) to Meta. On December 3rd, Meta released a fix and public advisory (CVE-2025-55182), urging developers to immediately update. Funnily enough, I didn’t set out to find a vulnerability in React. I just wanted to understand a protocol so I could be better at hacking modern web applications. But instead, I fell down a rabbit hole to a critical vulnerability that affected millions of websites. I also re…