RE: LeoThread 2025-12-09 17-39

in LeoFinance, 7 hours ago

Part 2/10:

This vulnerability, colloquially dubbed "React to Shell," is reminiscent of the notorious Log4j exploit from 2021. Its severity rating is a perfect 10.0 on the CVSS scale, signaling an imminent threat to impacted systems. Essentially, this flaw allows malicious actors to execute arbitrary commands on the server, compromising the integrity and security of the backend infrastructure.

In an experimental setup, the presenter demonstrated an affected Next.js default installation running on a virtual machine. Simple commands like id confirmed the server's identity, revealing adequate privileges allowing unrestricted command execution. Subsequently, a reboot command was issued, shutting down the server, illustrating just how impactful the exploit can be.