thawab 4 hours ago

Next.js had remote code execution vulnerabilities because of how they implemented React server side. I am not touching an AI version without waiting for a while.

t-writescode 3 hours ago

Thank you. This is the part that shocks me the most. I was always wary of Next.js for this exact reason (in fact, I refused to use it for personal projects before the RCE because I was scared that I would make a mistake and leak server-side data to the client).

Bugs like this happen easily and are even easier to miss if you’re generating thousands of lines of code with AI.

robertoandred 3 hours ago

That was a React vulnerability, not a Next one.

shimman 23 minutes ago

It was a vulnerability that could only exist due to the incestuous relationship between React and Vercel. It was something Vercel has been trying to heavily push into React for years (which is why they hired previous React core team members).