I mean I just participated in a Next JS incident that required it this week. It ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		zhivota 40 days ago \| parent \| context \| favorite \| on: Why Twilio Segment moved from microservices back t... I mean I just participated in a Next JS incident that required it this week. It has been rare over the years but I suspect it's getting less rare as supply chain attacks become more sophisticated (hiding their attack more carefully than at present and waiting longer to spring it).

Aeolun 40 days ago [–]

NextJS was just bog standard “we designed an insecure API and now everyone can do RCE” though.

Everyone has been able to exploit that for ages. It only became a problem when it was discovered and publicised.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact