Hello, this is NHN Hosting.
The recently disclosed 'React2Shell' remote code execution (RCE) vulnerability was found in the React Server Components (RSC) feature used in React and Next.js projects. The vulnerability is critical: it allows an attacker to execute arbitrary code remotely. We recommend that you check the package versions you are using immediately and apply the security update. Please review the information below and proceed with the security update.
For details, please refer to the information below.
■ Vulnerability information
- CVE identifiers: CVE-2025-55182, CVE-2025-66478
- Name: Remote code execution (RCE) vulnerability
- Description: A flaw in the deserialization logic of the Flight protocol used by the React Server Components (RSC) feature allows an attacker to carry out remote code execution attacks.
- Severity: NIST: not yet registered; CNA: Critical (10.0)
- PoC status: Public
■ Affected versions
- React: 19.0.0, 19.1.0, 19.1.1, 19.2.0
- Next.js (App Router based): 14.3.0-canary, 15.x, 16.x
Safe versions that include the update
- React: 19.0.0, 19.1.0, 19.1.1, 19.2.0
- Next.js: 14.3.0-canary.88, 15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, 16.0.7
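
The version check this notice asks for, as an added example (not part of the original notice, and not NHN Hosting's or the Next.js project's code): it walks the `packages` map of an npm lockfile and compares every installed copy of `next`, including nested ones, against the fixed Next.js releases listed in this notice. It covers Next.js only and assumes a build is affected when it is older than the fixed release of its own major.minor line; `SAMPLE_LOCK` and the function names are constructed for illustration.

```javascript
// Fixed Next.js releases, one per release line, copied from this notice.
const NEXT_FIXED = ["14.3.0-canary.88", "15.0.5", "15.1.9", "15.2.6",
                    "15.3.6", "15.4.8", "15.5.7", "16.0.7"];

// Parse "15.1.3" or "14.3.0-canary.42"; other pre-release tags are ignored.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-canary\.(\d+))?/.exec(String(v).trim());
  if (!m) return null;
  return { major: +m[1], minor: +m[2], patch: +m[3],
           canary: m[4] === undefined ? null : +m[4] };
}

// Assumption: a build is affected when it is older than the fixed release of
// its own major.minor line; lines the notice does not list return "unlisted".
function classifyNext(version) {
  const v = parseVersion(version);
  if (!v) return { status: "unparsed", fixed: null };
  const fixed = NEXT_FIXED.find((f) => {
    const p = parseVersion(f);
    return p.major === v.major && p.minor === v.minor;
  });
  if (!fixed) return { status: "unlisted", fixed: null };
  const f = parseVersion(fixed);
  let older;
  if (v.patch !== f.patch) older = v.patch < f.patch;
  else if (f.canary === null) older = v.canary !== null; // canary precedes its release
  else older = v.canary !== null && v.canary < f.canary;
  return { status: older ? "affected" : "patched", fixed };
}

// Walk the "packages" map of an npm lockfile (v2/v3) so nested copies of
// next under other packages' node_modules are reported too.
function auditLockfile(lock) {
  return Object.entries(lock.packages || {})
    .filter(([path]) => /(^|\/)node_modules\/next$/.test(path))
    .map(([path, pkg]) => ({ path, version: pkg.version, ...classifyNext(pkg.version) }));
}

// Constructed sample lockfile fragment (not from a real project).
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "demo-app" },
  "node_modules/next": { version: "15.1.3" },
  "node_modules/some-plugin/node_modules/next": { version: "14.3.0-canary.91" },
  "node_modules/react": { version: "19.1.0" },
} };

for (const r of auditLockfile(SAMPLE_LOCK)) {
  console.log(`${r.path}  ${r.version}  ${r.status}` + (r.fixed ? `  (fixed in ${r.fixed})` : ""));
}
```

To audit a real project, pass the parsed contents of its `package-lock.json` to `auditLockfile`; an "unlisted" result means the notice gives no fixed release for that line, not that the build is safe.
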
■ References
https://nvd.nist.gov/vuln/detail/CVE-2025-55182
https://nvd.nist.gov/vuln/detail/CVE-2025-66478
http://www.openwall.com/lists/oss-security/2025/12/03/4
https://news.ycombinator.com/item?id=46136026
https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
https://www.facebook.com/security/advisories/cve-2025-55182
https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182
https://vercel.com/changelog/cve-2025-55182
https://cloud.google.com/blog/products/identity-security/responding-to-cve-2025-55182?hl=en
Thank you.