Microsoft

Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components

CVE-2025-55182 (also referred to as React2Shell and includes CVE-2025-66478, which was merged into it) is a critical pre-authentication remote code execution (RCE) vulnerability affecting React Server ...
InfoWorld

All I want for Christmas is a server-side JavaScript framework

Could 2026 be the year of the beautiful back end? We explore the range of options for server-side JavaScript development, from Express to Next and all the rest. A grumpy Scrooge of a developer might ...
CSOonline

Developers urged to immediately upgrade React, Next.js

Critical vulnerability in React library should be treated by IT as they did Log4j - as an emergency, warns one expert. Developers using the React 19 library for building application interfaces are ...
The Hacker News

Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution

A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remote code execution. The vulnerability, tracked as ...
InfoQ

Accessibility with Interactive Components at React Advanced Conf

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Prevent AI-generated tech debt with Skeleton ...
InfoWorld

What makes JavaScript great

JavaScript’s low bar to entry has resulted in one of the richest programming language ecosystems in the world. This month’s report celebrates the bounty, while also highlighting a recent example of ...
The Hacker News

Why React Didn't Kill XSS: The New JavaScript Injection Playbook

React conquered XSS? Think again. That's the reality facing JavaScript developers in 2025, where attackers have quietly evolved their injection techniques to exploit everything from prototype ...