{"id":1736,"date":"2025-12-08T16:01:46","date_gmt":"2025-12-08T08:01:46","guid":{"rendered":"https:\/\/www.yeetrack.com\/?p=1736"},"modified":"2025-12-08T16:01:46","modified_gmt":"2025-12-08T08:01:46","slug":"%e8%ae%b0%e4%b8%80%e6%ac%a1react-next-js%e7%bb%84%e4%bb%b6rce%e6%bc%8f%e6%b4%9e%ef%bc%88cve-2025-55182%ef%bc%89%e5%af%bc%e8%87%b4%e6%9c%8d%e5%8a%a1%e5%99%a8%e8%a2%ab%e6%a4%8d%e5%85%a5%e6%8c%96","status":"publish","type":"post","link":"https:\/\/www.yeetrack.com\/?p=1736","title":{"rendered":"\u8bb0\u4e00\u6b21React\/Next.js\u7ec4\u4ef6RCE\u6f0f\u6d1e\uff08CVE-2025-55182\uff09\u5bfc\u81f4\u670d\u52a1\u5668\u88ab\u690d\u5165\u6316\u77ff\u7a0b\u5e8f\u6392\u67e5"},"content":{"rendered":"<p>\u516c\u53f8\u4f7f\u7528\u4e86\u56fd\u5185\u7684\u67d0\u516c\u6709\u4e91\uff0c\u5728\u5176\u4e2d\u4e00\u53f0\u865a\u62df\u673a\u4e0a\u642d\u5efa\u4e86\u5168\u5957\u7684dify\u5927\u6a21\u578b\u7a0b\u5e8f\uff0c\u56e0\u4e3a\u6709\u5916\u90e8\u670d\u52a1\u8981\u8c03\u7528\uff0c\u6240\u4ee5\u5f00\u4e86\u516c\u7f51\u8bbf\u95ee\u3002\u8fd1\u65e5\u6536\u5230\u76d1\u63a7\u62a5\u8b66\uff0c\u8fd9\u53f0\u673a\u5668\u6027\u80fd\u5b58\u5728\u5f02\u5e38\uff0c\u4e5f\u6536\u5230\u4e91\u5382\u5546\u7684\u63d0\u9192\u8bf4\u53ef\u80fd\u5b58\u5728\u5b89\u5168\u95ee\u9898\u3002  <\/p>\n<h3>\u5148\u8bf4\u7ed3\u8bba<\/h3>\n<p>dify\u4f7f\u7528\u4e86react server Components\u7ec4\u4ef6\uff0c\u8be5\u7ec4\u4ef6\u572825\u5e7411\u670829\u65e5\uff0c\u88ab\u53d1\u73b0\u5b58\u5728\u8fdc\u7a0b\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\uff1b\u653b\u51fb\u8005\u53ef\u4ee5\u4f2a\u9020\u8bf7\u6c42\uff0c\u5c06\u6076\u610f\u547d\u4ee4\u4f20\u5165react\u670d\u52a1\uff0creact\u56e0\u6821\u9a8c\u88ab\u7ed5\u8fc7\uff0c\u5bfc\u81f4\u547d\u4ee4\u88ab\u6267\u884c\uff0c\u8fdb\u800c\u88ab\u7a83\u53d6\u4fe1\u606f\uff0c\u6216\u8005\u690d\u5165\u6316\u77ff\u7a0b\u5e8f\u3002  <\/p>\n<h3>\u6f0f\u6d1e\u76f8\u5173<\/h3>\n<p>react\u6f0f\u6d1e\u8be6\u60c5\uff1a <a href=\"https:\/\/react.dev\/blog\/2025\/12\/03\/critical-security-vulnerability-in-react-server-components\">https:\/\/react.dev\/blog\/2025\/12\/03\/critical-security-vulnerability-in-react-server-components<\/a>      <\/p>\n<ul>\n<li>\u6f0f\u6d1e\u57fa\u672c\u4fe1\u606fCVE \u7f16\u53f7\uff1aCVE-2025-55182<\/li>\n<li>\u6f0f\u6d1e\u7c7b\u578b\uff1a\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\uff08RCE\uff09<\/li>\n<li>\u53d7\u5f71\u54cd\u7ec4\u4ef6\uff1areact-server-dom-webpack\uff08React Server Components \u7684\u4e00\u90e8\u5206\uff09\u4f7f\u7528\u8be5\u5e93\u7684\u6846\u67b6\uff0c\u5982Next.js 15.x \/ 16.x\uff08App Router \u6a21\u5f0f\uff09\u5f71\u54cd\u7248\u672c\uff1areact-server-dom-webpack:19.0.0,19.1.0,19.1.1,19.2.0Next.js:\u00a015.x,\u00a016.x\uff08\u5f53\u4f7f\u7528 App Router \u4e14\u542f\u7528\u4e86 React Server Components\uff09<\/li>\n<\/ul>\n<p>\u6f0f\u6d1e\u65f6\u95f4\u7ebf\uff1a    <\/p>\n<ul>\n<li>11\u670829\u65e5\uff0c\u5b89\u5168\u5458Lachlan Davidson\u5411META\uff08Facebook\uff09\u62a5\u544a\u4e86\u6b64\u6f0f\u6d1e<\/li>\n<li>11\u670830\u65e5\uff0cMETA\u7684\u5b89\u5168\u4eba\u5458\u548creact\u56e2\u961f\u7684\u5de5\u7a0b\u5e08\u786e\u8ba4\u4e86\u6b64\u6f0f\u6d1e\uff0c\u5e76\u5f00\u59cb\u4fee\u590d<\/li>\n<li>12\u67081\u65e5\uff0creact\u56e2\u961f\u7684\u5de5\u7a0b\u5e08\u63d0\u4f9b\u4e86\u5b89\u5168\u8865\u4e01\uff0c\u6765\u4fee\u590d\u6b64\u95ee\u9898<\/li>\n<li>12\u67083\u65e5\uff0c\u5b89\u5168\u8865\u4e01\u63d0\u4ea4\u5230\u4e86npm\uff0c\u5e76\u4e14\u8be5\u6f0f\u6d1e\u5bf9\u5916\u516c\u5e03\uff0c\u7f16\u53f7\u4e3a\uff1a<a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-55182\">CVE-2025-55182<\/a>  <\/li>\n<\/ul>\n<p>\u6ce8\u610f\uff1areact\u662f\u4e2a\u524d\u7aef\u975e\u5e38\u6d41\u884c\u7684\u6846\u67b6\uff0c\u4f30\u8ba1\u6574\u4e2a\u4e92\u8054\u7f51\u4e0a\u6709\u5927\u91cf\u53d7\u6b64\u6f0f\u6d1e\u5f71\u54cd\u7684\u673a\u5668\uff0c\u8be5\u6f0f\u6d1e\u65e0\u9700\u4efb\u4f55\u9274\u6743\u5373\u53ef\u88ab\u5229\u7528\uff0c\u5728\u63a5\u4e0b\u6765\u7684\u4e00\u6bb5\u65f6\u95f4\u5185\uff0c\u4f30\u8ba1\u4f1a\u6709\u975e\u5e38\u591a\u7684\u673a\u5668\u4f1a\u53d7\u6b64\u5f71\u54cd\u3002   <\/p>\n<h3>\u88ab\u690d\u5165\u6316\u77ff\u7a0b\u5e8f\u6392\u67e5<\/h3>\n<p>\u670d\u52a1\u5668\u4e00\u65e6\u88ab\u4eba\u9ed1\u8fdb\u6765\uff0c\u540e\u7eed\u7684\u52a8\u4f5c\uff0c\u65e0\u5916\u4e4e\u51e0\u79cd\uff1a <\/p>\n<ol>\n<li>\u7a83\u53d6\u673a\u5bc6\u6570\u636e\uff0c\u62ff\u5230\u9ed1\u5e02\u53bb\u5356\uff0c\u6216\u8005\u5bf9\u516c\u53f8\u8fdb\u884c\u52d2\u7d22\uff1b<\/li>\n<li>\u5bf9\u670d\u52a1\u5668\u4e0a\u7684\u6570\u636e\u8fdb\u884c\u5168\u76d8\u52a0\u5bc6\uff0c\u7136\u540e\u52d2\u7d22\u516c\u53f8\u652f\u4ed8\u89e3\u5bc6\u8d39\u7528\uff1b<\/li>\n<li>\u690d\u5165\u6316\u77ff\u7a0b\u5e8f\uff0c\u5229\u7528\u670d\u52a1\u5668\u786c\u4ef6\u8d44\u6e90\u6765\u6316\u865a\u62df\u8d27\u5e01\u3002<\/li>\n<li>\u65e9\u5e74\u95f4\uff0c\u8fd8\u6709\u5355\u7eaf\u4e3a\u4e86\u70ab\u6280\u3001\u60c5\u7eea\u6ee1\u8db3\u6765\u5b9e\u65bd\u653b\u51fb\u7684\uff0c\u4f46\u73b0\u5728\u8fd9\u79cd\u60c5\u51b5\u8d8a\u6765\u8d8a\u5c11\u4e86\u3002 <\/li>\n<li>\u8fd8\u6709\u6d89\u53ca\u5230\u516c\u53f8\u7ade\u4e89\u3001\u56fd\u5bb6\u5bf9\u6297\u7684\u60c5\u51b5\uff0c\u60c5\u51b5\u5c31\u5f88\u590d\u6742\u4e86\u3002 <\/li>\n<\/ol>\n<p>\u5982\u679c\u662f\u88ab\u690d\u5165\u6316\u77ff\u7a0b\u5e8f\uff0c\u7279\u5f81\u4e00\u822c\u5f88\u660e\u663e\uff0c\u5c31\u662fcpu\u5229\u7528\u7387\u98d9\u5347\uff0c\u975e\u5e38\u5bb9\u6613\u6392\u67e5\u3002  <\/p>\n<ol>\n<li>\u9996\u5148\u67e5\u770b\u7cfb\u7edf\u8d44\u6e90\u5360\u7528\u60c5\u51b5\uff0c<code>top<\/code><\/li>\n<li>\u627e\u5230CPU\u5360\u7528\u5f88\u9ad8\u7684\u8fdb\u7a0b\uff0c\u68c0\u67e5\u662f\u5426\u53ef\u7591<\/li>\n<li>\u67e5\u770b\u8be5\u8fdb\u7a0b\u7684\u7f51\u7edc\u8fde\u63a5\u4f7f\u7528\u60c5\u51b5\uff0c\u662f\u5426\u5bf9\u5916\u53d1\u8d77\u4e86\u53ef\u7591\u8fde\u63a5<\/li>\n<li>\u68c0\u67e5\u7cfb\u7edf\u767b\u5f55\u8bb0\u5f55\u3001\u547d\u4ee4\u6267\u884chistory\uff0c\u4e0d\u8fc7\u4e00\u822c\u88ab\u9ed1\u8fdb\u6765\uff0c\u4ed6\u4eec\u90fd\u4f1a\u6e05\u7406\u73b0\u573a<\/li>\n<\/ol>\n<p>\u6700\u7ec8\u6392\u67e5\u5230\uff0c\u662f\u4e00\u4e2adocker\u5b9e\u4f8b\u4e0a\u8fd0\u884c\u4e86next.js\uff0c\u7136\u540e\u56e0\u4e3a\u6f0f\u6d1e\u88ab\u9ed1\u8fdb\u6765\uff0c\u690d\u5165\u4e86\u6316\u77ff\u7a0b\u5e8f\uff0c\u628a\u670d\u52a1\u5668CPU\u8dd1\u6ee1\u4e86\u3002\u627e\u5230\u7684\u65e5\u5fd7\u5177\u4f53\u5982\u4e0b\uff1a<br \/>\n<a href=\"https:\/\/image.yeetrack.com\/wp-content\/uploads\/2025\/12\/react.png\"><img decoding=\"async\" src=\"https:\/\/image.yeetrack.com\/wp-content\/uploads\/2025\/12\/react.png\" alt=\"\" \/><\/a><br \/>\n\u53ef\u4ee5\u770b\u5230\u5176\u662f\u4ece\u4e00\u4e2a\u9ed1\u4ea7\u7f51\u7ad9\u4e0b\u8f7d\u4e86\u6316\u77ff\u7a0b\u5e8f\uff0c\u7136\u540e\u5077\u5077\u90e8\u7f72\u5728\/tmp\u8def\u5f84\u4e0b\uff0c\u5e76\u6e05\u7406\u4e86\u81ea\u5df1\u7684\u75d5\u8ff9\u3002  <\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u516c\u53f8\u4f7f\u7528\u4e86\u56fd\u5185\u7684\u67d0\u516c\u6709\u4e91\uff0c\u5728\u5176\u4e2d\u4e00\u53f0\u865a\u62df\u673a\u4e0a\u642d\u5efa\u4e86\u5168\u5957\u7684dify\u5927\u6a21\u578b\u7a0b\u5e8f\uff0c\u56e0\u4e3a\u6709\u5916\u90e8\u670d\u52a1\u8981\u8c03\u7528\uff0c\u6240\u4ee5\u5f00\u4e86\u516c\u7f51\u8bbf\u95ee\u3002\u8fd1\u65e5\u6536\u5230\u76d1\u63a7\u62a5\u8b66\uff0c\u8fd9\u53f0\u673a\u5668\u6027\u80fd\u5b58\u5728\u5f02\u5e38\uff0c\u4e5f\u6536\u5230\u4e91\u5382\u5546\u7684\u63d0\u9192\u8bf4\u53ef\u80fd\u5b58\u5728\u5b89\u5168\u95ee\u9898\u3002 \u5148\u8bf4&#46;&#46;&#46;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"pgc_sgb_lightbox_settings":"","footnotes":""},"categories":[35,34],"tags":[94,26],"class_list":["post-1736","post","type-post","status-publish","format-standard","hentry","category-hacking","category-software","tag-dify","tag-26"],"views":301,"_links":{"self":[{"href":"https:\/\/www.yeetrack.com\/index.php?rest_route=\/wp\/v2\/posts\/1736","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.yeetrack.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.yeetrack.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.yeetrack.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.yeetrack.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1736"}],"version-history":[{"count":1,"href":"https:\/\/www.yeetrack.com\/index.php?rest_route=\/wp\/v2\/posts\/1736\/revisions"}],"predecessor-version":[{"id":1738,"href":"https:\/\/www.yeetrack.com\/index.php?rest_route=\/wp\/v2\/posts\/1736\/revisions\/1738"}],"wp:attachment":[{"href":"https:\/\/www.yeetrack.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1736"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.yeetrack.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1736"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.yeetrack.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1736"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}