It's really concerning that the biggest, most eye-grabbing part of this posting is the note with the following: "It’s common for critical CVEs to uncover follow‑up vulnerabilities."
Trying to justify the CVE before fully explaining the scope of the CVE, who is affected, or how to mitigate it -- yikes.
Thanks for the feedback, I adjusted it here so the first note is related to the impacted versions:
Perception management
I think the same. To me it looks like a Vercel marketing employee wrote that.
Also kind of funny that they're comparing it to Log2Shell. Maybe not the best sort of company to be keeping...
Welcome to the React, Next, Vercel ecosystem. Our tech may be shite but we look fancy.
Very standard in security, announcements always always always try to downplay their severity.
What’s concerning about it? The first thing I thought when I read the headline was “wow, another React CVE?” It’s not a justification, it’s an explanation to the most obvious immediate question.