Information security
fromInfoWorld
2 days agoRCE in React Native CLI opens Dev Servers to attacks
The Metro development server exposes an unsafe /open-url endpoint and defaults to listening on 0.0.0.0, allowing remote command execution unless patched.