个人数字泔水\(⁠◔⁠‿⁠◔⁠)✨ Thinking...https://tg.okhk.nethttps://tg.okhk.net/posts/9112https://tg.okhk.net/posts/9112Wed, 25 Mar 2026 03:31:12 GMT<a href="/search/result?q=%23Update">#Update</a> <a href="/search/result?q=%23Sora">#Sora</a><br /><br /><a href="https://x.com/soraofficialapp/status/2036546752535470382?" target="_blank">Sora App 将终止运营。</a><br /><br />App 和 API 的终止时间将「很快」提供。https://tg.okhk.net/posts/8598https://tg.okhk.net/posts/8598Tue, 27 Jan 2026 05:13:50 GMT<i><b>🔴</b></i> 另一些 RSC DoS 漏洞；请尽快更新。<br /><br />- 此漏洞影响 Next.js 13-16 及其它使用了 React Server Side Components 的相关组件。<br />- 此漏洞不会导致 RCE。<br />- 对于 React，请更新到 19.0.4/19.1.5/19.2.4。<br />- 对于 Next.js，请参考 [1] 或 [2] 中的更新方案。<br />- Vercel [2] 及 Cloudflare [3] 已经发布针对此漏洞的服务端 WAF 规则。<br /><br />CVE: CVE-2026-23864<br />CVSS: 7.5<br /><br />1. <a href="https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components#update-instructions" target="_blank">react.dev/~</a><br />2. <a href="https://vercel.com/changelog/summary-of-cve-2026-23864" target="_blank">vercel.com/~</a><br />3. <a href="https://developers.cloudflare.com/changelog/2026-01-26-waf-release/" target="_blank">developers.cloudflare.com/~</a><br /><br />thread: <a href="https://t.me/outvivid/4795" target="_blank">/4795</a><br />linksrc: <a href="https://t.me/abcthoughts/6821" target="_blank">https://t.me/abcthoughts/6821</a><br /><br /><a href="/search/result?q=%23React">#React</a> <a href="/search/result?q=%23Nextjs">#Nextjs</a><a href="https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components" target="_blank"> <div>react.dev</div> <img class="link_preview_image" alt="Critical Security Vulnerability in React Server Components – React" src="/static/https://cdn4.telesco.pe/file/NinnLkUpnMAtHe5qR7IsJXKh4SzFGKjpaCAPJ6HUv970wPE7X56qjaAw2fgWnrgppqpilRxS7CFskfFaP-DZdwyBLwwlwVqGQGi3YByM9HcDuvhuisirf8dByGcI_y7gHCGUBPKKYyUm9zPbesX9WtFgboOdr-IimKMrSzlPIAN5DhBESXIwopAJvS8GoZMxk1336OBlfRGHpVlwLzZVbY1A37cSHbECQebOCrpjXjyf5rjrB0nT9Pl8o3R1fK53-qFMmTp95GF25LVW_-gRCzWxaLnVTFAHVAMDDoGakkMBMVRb8GrpGSlcQ87GQ2zFSAsCi232I0g0boOfdn87xw.jpg" width="1200" height="630" loading="eager" /> <div>Critical Security Vulnerability in React Server Components – React</div> <div>The library for web and native user interfaces</div> </a>https://tg.okhk.net/posts/8006https://tg.okhk.net/posts/8006Fri, 12 Dec 2025 04:37:10 GMT<a href="/search/result?q=%23PSA">#PSA</a>: 一些<b>新的</b> React DoS/源码泄露漏洞；请尽快更新。<br /><br />- 如果上周已经就之前的 RCE 漏洞对 React 等组件进行了更新，本周依旧<b>需要</b>继续更新。<br />- 如果就此漏洞更新到了 React 19.0.2/19.1.3/19.2.2，也依旧<b>需要</b>继续更新，因为这些版本的修复不完整。<br />- 请参考 [2] 了解需要更新到的版本。<br />- React Server Side Components 相关；拒绝式服务攻击，以及服务端（服务端！）组件源码泄露。<br />- Next.js 13.3 至 14（含 13.3 及 14.x）也受此漏洞影响。<br />- react-router、waku 和几个其它 RSC 组件也受此漏洞影响。<br /><br />CVE: CVE-2025-55184, CVE-2025-67779, CVE-2025-55183<br />CVSS: 最高者为 7.5<br /><br />1. <a href="https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components" target="_blank">react.dev/~</a><br />2. <a href="https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components#update-instructions" target="_blank">react.dev/~</a><br /><br />thread: <a href="https://t.me/outvivid/4791" target="_blank">/4791</a><br /><br /><a href="/search/result?q=%23React">#React</a> <a href="/search/result?q=%23Nextjs">#Nextjs</a><a href="https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components" target="_blank"> <div>react.dev</div> <img class="link_preview_image" alt="Critical Security Vulnerability in React Server Components – React" src="/static/https://cdn4.telesco.pe/file/H6FYcKtGLa3CQ0l3vhleyBg8NahSrOGslhQMnPGwF_EyeYBQLPcIojnZxzj_y3d8Hkt_2jm9jr20btlTle7anHnjIm24gmRlp63JB2pkJNKct9c4e7QHZpvPY-C8TWtyO5cp8ml-1PcBX4JPAI0O8aJhR_gStKOG2JdSE3n8bNIDmdw6YqXQwcdLzq2_i2f3VOCiENO4GrZF7gs7_5FPGnR3i6GQIC2lbopdNX31a9URGM2e0Ln7nMl8JyPfMynOZg7Dka72FnbzsOoB6xPUcfqeQi3ivhj4vFr48DB7kZUkW8i5p8xAoSWublN2Qn2SD_P1hlH-EF0-p-BbDbRuVQ.jpg" width="1200" height="630" loading="eager" /> <div>Critical Security Vulnerability in React Server Components – React</div> <div>The library for web and native user interfaces</div> </a>