Official video picks
AAPL
ADBE
ADSK
AIG
AMGN
AMZN
BABA
BAC
BL
BOX
C
CHGG
CLDR
COKE
COUP
CRM
CROX
DDOG
DELL
DIS
DOCU
DOMO
ESTC
F
FIVN
GILD
GRUB
GS
GSK
H
HD
HON
HPE
HSBC
IBM
INST
INTC
INTU
IRBT
JCOM
JNJ
JPM
LLY
LMT
M
MA
MCD
MDB
MGM
MMM
MSFT
MSI
NCR
NEM
NEWR
NFLX
NKE
NOW
NTNX
NVDA
NYT
OKTA
ORCL
PD
PG
PLAN
PS
RHT
RNG
SAP
SBUX
SHOP
SMAR
SPLK
SQ
TDOC
TEAM
TSLA
TWOU
TWTR
TXN
UA
UAL
UL
UTX
V
VEEV
VZ
WDAY
WFC
WK
WMT
WORK
YELP
ZEN
ZM
ZS
ZUO
Official video & related videos [CVSS 10.0: The Critical Next.js & React Vulnerability Explained]
Is your React application publicly exposed to a Remote Code Execution (RCE) attack?
In this deep dive, Caden breaks down one of the most significant vulnerabilities to hit the modern web stack: a CVSS 10.0 flaw affecting React Server Components and Next.js. This critical exploit allows unauthenticated attackers to execute code straight out of the box—no credentials required.
In this video, we explore:
The Shift to Server-Side React: Why developers moved to Next.js and React Server Components to solve UX pain points, and the "trust" trade-off that came with it.
The Flight Protocol & Implicit Trust: How React assumes requests are coming from its own generated code, creating a "guard down" environment for the server.
Prototype Pollution Explained: A look at how attackers use JavaScript’s object-oriented nature to overwrite object templates and gain full system control.
The Unit 42 Response: How managed threat hunters used XQL Hunting Queries to identify "symptoms" like Node.js servers spawning PowerShell commands or accessing SSH keys.
Patching vs. Protection: Why upgrading your libraries is the only permanent fix, and how Cortex XDR provides a safety net with behavioral threat protection in the meantime.
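The prototype pollution mechanism the video summarizes can be shown in a few lines of plain JavaScript. The example below is added here and is not code from the video, from Unit 42 or from the React/Next.js projects; the function names (unsafeMerge, safeMerge, demonstrate) and the sample JSON input are constructed for illustration. It shows a naive recursive merge that walks into Object.prototype when untrusted JSON carries a "__proto__" key, and a hardened merge that refuses prototype-chain keys and builds nested objects without a prototype.

```javascript
// Added example, not from the video or Unit 42: a self-contained look at
// JavaScript prototype pollution via a recursive merge, beside a hardened
// version. All identifiers and the sample input below are constructed.

// --- Vulnerable pattern ------------------------------------------------
// A naive deep merge that trusts every key of untrusted input. For a key
// named "__proto__", `target["__proto__"]` resolves (via the accessor on
// Object.prototype) to the shared prototype object, so the recursion
// writes the attacker-controlled values onto every plain object.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value && typeof value === "object" && !Array.isArray(value)) {
      if (typeof target[key] !== "object" || target[key] === null) {
        target[key] = {};
      }
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// --- Hardened pattern --------------------------------------------------
// 1. Skip the keys that reach the prototype chain.
// 2. Only descend into properties the target actually owns; otherwise
//    start from an object with no prototype, so there is nothing to pollute.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue; // never walk into the prototype chain
    const value = source[key];
    if (value && typeof value === "object" && !Array.isArray(value)) {
      const ownObject =
        Object.prototype.hasOwnProperty.call(target, key) &&
        typeof target[key] === "object" &&
        target[key] !== null;
      if (!ownObject) {
        target[key] = Object.create(null); // prototype-less container
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Merge a constructed JSON body (the shape of input that triggers the bug)
// into an empty config with the given merge function, then check whether an
// unrelated, freshly created object inherited the injected property.
// Returns true when Object.prototype was polluted, false otherwise.
function demonstrate(mergeFn) {
  const untrusted = JSON.parse(
    '{"profile":{"name":"x"},"__proto__":{"isAdmin":true}}'
  );
  const config = {};
  mergeFn(config, untrusted);
  const unrelated = {};
  const leaked = unrelated.isAdmin === true;
  delete Object.prototype.isAdmin; // undo any pollution so later code is unaffected
  return leaked;
}

if (typeof require !== "undefined" && require.main === module) {
  console.log("unsafeMerge polluted Object.prototype:", demonstrate(unsafeMerge)); // true
  console.log("safeMerge polluted Object.prototype:", demonstrate(safeMerge));     // false
}

module.exports = { unsafeMerge, safeMerge, demonstrate };
```

The detection angle in the video (a Node.js process spawning shells or reading SSH keys) follows from the same root cause: once Object.prototype is writable by request data, later code that reads an option such as a shell flag or a path from a plain object may pick up the injected value. Rejecting prototype-chain keys at every merge, parse and deserialize boundary removes that class of bug rather than one instance of it.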
With over 40% of developers using React and hundreds of thousands of companies potentially exposed, understanding this vulnerability is essential for anyone building or securing modern web apps.
🕒 Timestamps:
0:00 - The CVSS 10.0 threat at the core of web dev
0:45 - How the Flight Protocol revolutionized React
1:40 - The "Security vs. Efficiency" trade-off
2:30 - Breaking down the RCE: No authentication required
3:20 - Technical Deep Dive: Prototype Pollution in JavaScript
4:10 - The Scale: Hundreds of thousands of companies exposed
4:55 - How Unit 42 hunts for the "symptoms" of exploitation
6:05 - The Fix: Patching, rebuilding, and deploying
6:40 - How Cortex XDR & XSIAM block the attack in real-time
🔍 Keywords & Tags:
#ReactJS #NextJS #CyberSecurity #WebDevelopment #Unit42 #RCE #InfoSec #Javascript #Programming #CortexXDR #VulnerabilityManagement #FullStackDeveloper