I suspect the commit to fix is: https://github.com/facebook/react/commit/bbed0b0... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		benmmurphy 49 days ago \| parent \| context \| favorite \| on: RCE Vulnerability in React and Next.js I suspect the commit to fix is: https://github.com/facebook/react/commit/bbed0b0ee64b89353a4... and it looks like its been squashed with some other stuff to hide it or maybe there are other problems as well. this pattern appears 4 times and looks like it is reducing the functions that are exposed to the 'whitelist'. i presume the modules have dangerous functions in the prototype chain and clients were able to invoke them. `- return moduleExports[metadata.name]; + if (hasOwnProperty.call(moduleExports, metadata.name)) { + return moduleExports[metadata.name]; + } + return (undefined: any);`

hackhomelab 49 days ago [–]

It could also be https://github.com/facebook/react/commit/7dc903cd29dac55efb4... ("This also fixes a critical security vulnerability.")

nine_k 49 days ago | [–]

It does the same thing here, too: https://github.com/facebook/react/commit/7dc903cd29dac55efb4...

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact