zhivota 7 hours ago

I mean I just participated in a Next JS incident that required it this week. It has been rare over the years but I suspect it's getting less rare as supply chain attacks become more sophisticated (hiding their attack more carefully than at present and waiting longer to spring it).

Aeolun 7 hours ago

NextJS was just bog standard “we designed an insecure API and now everyone can do RCE” though. Everyone has been able to exploit that for ages. It only became a problem when it was discovered and publicised.