Readit News
karimf commented on RCE Vulnerability in React and Next.js   github.com/vercel/next.js... · Posted by u/rayhaanj
karimf · 2 months ago
> Projects hosted on Vercel benefit from platform-level protections that already block malicious request patterns associated with this issue.

https://vercel.com/changelog/cve-2025-55182

> Cloudflare WAF proactively protects against React vulnerability

https://blog.cloudflare.com/waf-rules-react-vulnerability/

karimf commented on Critical RCE Vulnerabilities in React and Next.js   wiz.io/blog/critical-vuln... · Posted by u/gonepivoting
jfindper · 2 months ago
> AFAICT, they're AI generated.

What is the "tell"? I'm not saying they are or aren't, but... people say this about literally everything now and it's typically some flimsy reasoning like "they used a bullet point". I don't see anything in particular that makes me think AI over a standard template some junior fills out.

> the vulnerability was not found by a Wiz employee at all

I've re-read the Wiz article a few times. Maybe I'm just dumb, but where did Wiz claim to have found this vulnerability?

karimf · 2 months ago
When I saw "WIZ Research - Critical Vulnerabilities in React and Next.js" on the big image banner, I immediately thought that Wiz found the vulnerability.
karimf commented on Critical RCE Vulnerabilities in React and Next.js   wiz.io/blog/critical-vuln... · Posted by u/gonepivoting
xnorswap · 2 months ago
This is what coordinated disclosure looks like.
karimf · 2 months ago
Given that most Next.js and RSC apps run on Vercel, I’m wondering if they’re doing the same thing. There’s no information about this in their latest blog post [0].

Update: They do a similar thing. Mentioned here [1].

[0] https://nextjs.org/blog/CVE-2025-66478

[1] https://vercel.com/changelog/cve-2025-55182

karimf commented on Critical RCE Vulnerabilities in React and Next.js   wiz.io/blog/critical-vuln... · Posted by u/gonepivoting
karimf · 2 months ago
Dang, Cloudflare is moving fast. Cloudflare WAF proactively protects against React vulnerability https://blog.cloudflare.com/waf-rules-react-vulnerability/
karimf commented on Cloudflare Global Network experiencing issues   cloudflarestatus.com/inci... · Posted by u/imdsm
erdaltoprak · 3 months ago
At some point we really need to think if this is the web we want, one/two major actors are down and everything goes with it

Not downplaying the immense work of infra / engineering at this scale but my neighborhood local grocery market shouldn’t be down

karimf · 3 months ago
It's hard not to use Cloudflare at least for me: good products, "free" for small projects, and if Cloudflare is down no one will blame you since the internet is down.
karimf commented on Cloudflare Global Network experiencing issues   cloudflarestatus.com/inci... · Posted by u/imdsm
karimf · 3 months ago
I've been migrating all my personal stuff to Cloudflare. They have good products and good pricing.

At the same time I'm worried about how the internet is becoming even more centralized, which goes against how it was originally designed.

karimf commented on Ask HN: What Are You Working On? (Nov 2025)    · Posted by u/david927
karimf · 3 months ago
Self-hosting a free real-time AI app to help people practice speaking English

https://www.fikrikarim.com/bule-ai-initial-release

u/karimf

Karma: 1611
Cake day: December 24, 2016
About
https://fikrikarim.com