This Week In Security: React, JSON Formatting, And The Return Of Shai Hulud

After a week away recovering from too much turkey and sweet potato casserole, we’re back for more security news! And if you need something to shake you out of that turkey-induced coma, React Server has a single-request Remote Code Execution flaw; the fixes ship in versions 19.0.1, 19.1.2, and 19.2.1, so anything older on those release lines needs updating.

The issue is insecure deserialization in the Flight protocol, as implemented in React Server and, notably, also used by Next.js. Both projects have issued security advisories, each for a CVSS 10.0 CVE.

There are reports of a public Proof of Concept (PoC), but the repository that has been linked explicitly calls out that it is not a true PoC, but merely research into how the vulnerability might work. As far as I can tell, there is not yet a public PoC, but reputable researchers have been able to reverse engineer the problem. This implies that mass exploitation attempts are not far off, if they haven’t already started. Continue reading “This Week In Security: React, JSON Formatting, And The Return Of Shai Hulud”
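As an added illustration of the bug class named above, insecure deserialization in a wire format that lets the client refer to server-side objects by name, here is a toy deserializer in an unsafe and a hardened form. It is example code written for this page, not React’s or Next.js’s Flight implementation, and it says nothing about how the real flaw is triggered; the `$ref:` syntax, the `serverRegistry` object and the sample payloads are all constructed for the example.

```javascript
// Added illustration (not React's or Next.js's code): a toy "reference resolving"
// JSON deserializer in an unsafe and a hardened form. The `$ref:` syntax, the
// registry and the payloads below are constructed for this example.

// Server-side registry of things a client may legitimately refer to by name.
const serverRegistry = {
  actions: {
    greet: (name) => `hello, ${name}`,
  },
};

// Unsafe: a "$ref:" string is resolved by walking a dotted path with plain
// property access. Nothing confines the walk to serverRegistry.actions, so a
// path can climb through inherited properties into builtins the process
// never meant to expose.
function unsafeResolve(value) {
  if (typeof value === 'string' && value.startsWith('$ref:')) {
    return value
      .slice(5)
      .split('.')
      .reduce((obj, key) => obj[key], serverRegistry);
  }
  return value;
}

// Hardened: a reference is a lookup key in a closed Map of registered names.
// An unknown name is an error, and property-path syntax has no meaning.
const allowedRefs = new Map([
  ['actions.greet', serverRegistry.actions.greet],
]);

function safeResolve(value) {
  if (typeof value === 'string' && value.startsWith('$ref:')) {
    const name = value.slice(5);
    if (!allowedRefs.has(name)) {
      throw new Error(`unknown reference: ${name}`);
    }
    return allowedRefs.get(name);
  }
  return value;
}

// Deserialize a JSON array of rows, resolving each row with the given resolver.
function deserialize(json, resolve) {
  const rows = JSON.parse(json);
  if (!Array.isArray(rows)) throw new Error('expected an array of rows');
  return rows.map(resolve);
}

// Constructed payloads.
const benign = JSON.stringify(['$ref:actions.greet', 'world']);
// Escapes the registry: a plain object's inherited `constructor` is Object,
// and Object's `constructor` is Function, an eval-like constructor reached
// purely by naming properties.
const hostile = JSON.stringify(['$ref:constructor.constructor']);

function demo() {
  const [fn, arg] = deserialize(benign, unsafeResolve);
  const ok = fn(arg);                                                // 'hello, world'
  const escaped = deserialize(hostile, unsafeResolve)[0] === Function; // true
  let rejected = false;
  try {
    deserialize(hostile, safeResolve);
  } catch {
    rejected = true;                                                 // true
  }
  return { ok, escaped, rejected };
}
```

The unsafe resolver lets a client-controlled string steer plain property access, so the walk leaves the registry through inherited properties without any code the author considered an entry point; the hardened one turns a reference into a key in a closed table. That is the general fix for this class: untrusted input may select from an allow-list, never name properties, prototypes or constructors directly.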

GP2040: A Configurable Game Pad Firmware

[feralAI] and fellow GitHub contributors present for your viewing pleasure GP2040: an open source game pad firmware for RP2040-based hardware. The dual-core RP2040 is a good platform to use for gaming inputs, as there is plenty of CPU grunt to get sub-1 ms USB polling time, regardless of any other tasks the controller may be performing. Currently the firmware supports PC, Android, RPi, Nintendo Switch, PS3, PS4 (legacy mode), and the sweet MiSTer FPGA-based retro-gaming platform.

The firmware supports the older DirectInput API and the newer shiny (but rather restrictive) XInput API (no, it’s not the old X11 input extension with the same name) — as well as the usual controller features like SOCD cleaning, D-pad mapping, and RGB support for additional distractions. There is even support for those tiny OLED displays (SSD1306 and friends), although we can’t think of a use case for that at the moment. Configuration is particularly interesting, however, as it is based upon an embedded web application. This is where the pin mappings to your actual hardware are defined, as well as all that RGB bling, if you so desire.

Continue reading “GP2040: A Configurable Game Pad Firmware”

The Operator Input Device in a Minuteman II Missile Silo computer

Nuclear Missile Silo Keyboard Re-Launched In USB

When [jns] and their colleague came across an industrial or possibly military grade keyboard/trackball combo on eBay, their minds did the same backflips that yours or mine might. Enthralled by the specialty key caps, the custom layout, and the companion trackball adorned with its own keys rather than buttons, [jns] and his workmate did the only thing that infatuated hackers can do: they each bought one! [jns]’s goal? Make it work via USB. Everything’s been documented, both in software and in a very well done video that you can see below the break.