3 comments

[ 4.5 ms ] story [ 19.7 ms ] thread
From the reporter of the React vulnerablility, Lachlan Davidson
It has a note on invalid PoCs:

> We have seen a rapid trend of "Proof of Concepts" spreading which are not genuine PoCs.

It is very strange that this didn't make it to the front page of HN. I've just received an email from DigitalOcean that my VPS/droplet had been used in a DDoS attack, and a few hours latter another email, again from DigitalOcean, saying that I'm running software that has a vulnerability with CVE score of 10. I guess not a lot of CVEs get a score of 10, and not for a framework as widespread as React and Next.