React2Shell (CVE-2025-55182) was a critical RCE vulnerability in React's Flight protocol, discovered by unpicking its undocumented internal workings. It leveraged how Flight deserializes complex objects and how `await` leniently handles "thenables," ultimately allowing attackers to execute arbitrary code by manipulating React's internal promise resolution logic.

Building a robust screen recording and sharing platform, akin to Loom, presents a unique set of technical challenges. From capturing media efficiently in the browser to managing complex video encoding, streaming, and

IDOR (Insecure Direct Object Reference) vulnerabilities in Next.js API routes occur when authenticated users can access unauthorized resources by manipulating identifiers. This article details how to prevent IDORs by distinguishing authentication from authorization, implementing object-level authorization checks, and designing secure `/api/me` endpoints.