Blitz.js Framework Vulnerability Could Allow Remote Code Execution



According to a recent report from Sonar, its researchers found a severe security vulnerability in the Blitz.js framework. Blitz.js is a full-stack React web framework inspired by Ruby on Rails and built on Next.js. The flaw, tracked as CVE-2022-23631, is a prototype pollution vulnerability in the “serialization library superjson used in the RPC layer of Blitz.js”. Because the RPC layer is where superjson deserializes client-supplied request data, any application built on Blitz.js is affected if it implements at least one RPC call.
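The paragraph above names the bug class but not the mechanics. The following is an added illustration written for this page, not superjson's or Blitz.js's own code and not the exploit from the report: a toy RPC deserializer with a superjson-style payload, where `json` carries plain data and a `meta.refs` map tells the receiver which dotted paths should be restored as the same reference. The wire format, the path names and the malicious request body are all constructed assumptions. Unhardened, the deserializer follows the attacker-supplied segment `__proto__` and writes an attacker-chosen string onto `Object.prototype`, which every object in the process then inherits; the hardened variant rejects the dangerous segments before following them, which is the standard mitigation pattern for this bug class (not necessarily the project's exact patch).

```javascript
"use strict";

// Added illustration (written for this page; not superjson's or Blitz.js's
// actual code). Simplified superjson-style RPC payload: `json` carries plain
// data, `meta.refs` maps a dotted source path to destination paths whose
// values should be restored as the same reference. Following attacker-chosen
// path segments such as "__proto__" without a check lets one request write an
// attacker-chosen value onto Object.prototype: prototype pollution.

// Segments that must never be followed when walking an untrusted path.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// Splits "a.b.c" into segments; when hardened, refuses unsafe segments.
function splitPath(path, hardened) {
  const parts = path.split(".");
  if (hardened) {
    for (const key of parts) {
      if (FORBIDDEN_KEYS.has(key)) {
        throw new Error(`refusing to follow unsafe path segment: ${key}`);
      }
    }
  }
  return parts;
}

// Reads the value at `parts`, or undefined if any step is not an object.
function getDeep(root, parts) {
  let cur = root;
  for (const key of parts) {
    if (cur === null || typeof cur !== "object") return undefined;
    cur = cur[key];
  }
  return cur;
}

// Writes `value` at `parts`, creating intermediate objects as needed.
// Unhardened, the segment "__proto__" on a plain object resolves to
// Object.prototype, so the final assignment lands on every object's prototype.
function setDeep(root, parts, value) {
  let cur = root;
  for (let i = 0; i < parts.length - 1; i++) {
    const key = parts[i];
    if (cur[key] === null || typeof cur[key] !== "object") cur[key] = {};
    cur = cur[key];
  }
  cur[parts[parts.length - 1]] = value;
}

// Deserializes an RPC payload; `hardened` selects whether path segments are
// validated before being followed.
function deserialize(payload, { hardened = true } = {}) {
  const out = JSON.parse(JSON.stringify(payload.json));
  const refs = (payload.meta && payload.meta.refs) || {};
  for (const [src, dests] of Object.entries(refs)) {
    const value = getDeep(out, splitPath(src, hardened));
    for (const dest of dests) {
      setDeep(out, splitPath(dest, hardened), value);
    }
  }
  return out;
}

// Constructed malicious request body (not from the report): the source path
// points at an attacker-chosen string, the destination walks into __proto__.
const MALICIOUS_PAYLOAD = {
  json: { params: { id: 1, note: "pwned" } },
  meta: { refs: { "params.note": ["__proto__.polluted"] } },
};

// Runs the payload through the deserializer and reports whether a brand-new,
// unrelated object now sees the injected property. Cleans up afterwards so the
// pollution does not leak into the rest of the process.
function pollutionObserved(hardened) {
  let rejected = false;
  try {
    deserialize(MALICIOUS_PAYLOAD, { hardened });
  } catch (e) {
    rejected = true;
  }
  const leaked = ({}).polluted;
  delete Object.prototype.polluted;
  return { rejected, leaked };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log("vulnerable:", pollutionObserved(false));
  console.log("hardened:  ", pollutionObserved(true));
}
```

The check a practitioner wants here is the one in `splitPath`: any deserializer that turns client-supplied strings into property paths must reject `__proto__`, `constructor` and `prototype` (or walk only own properties via `Object.hasOwn` on a null-prototype object) before the first property access, not after. Whether polluting `Object.prototype` escalates to code execution depends on what the surrounding framework later reads from inherited properties, which is exactly why the report treats the flaw as severe.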