React2Shell Guard
Version updated for https://github.com/gensecaihq/react2shell-scanner to version v1.0.9.
Release notes
Fixes
Improved URL scanner to correctly detect vulnerable Next.js applications:
- Version detection: Now checks page source for vulnerable Next.js/React version strings
- HTML entity handling: Properly handles &quot; encoded quotes in version strings
- Multi-endpoint probing: Scans multiple common Server Action endpoints
- Enhanced patterns: Added RSC Flight protocol patterns for better detection
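The version-detection and HTML entity handling fixes above, sketched as an added example (this is not react2shell-guard's own code). The function names, the sample page source and the flagged-version set are assumptions; the only flagged version is the one shown in the scan output on this page, and react 19.9.9 is a constructed placeholder.

```javascript
// Added illustration; not taken from the react2shell-guard source.

// Quote entities that can hide a version string in server-rendered HTML.
const QUOTE_ENTITIES = /&(?:quot|#0*34|#x0*22);/gi;

// Matches "next": "16.0.6" or "react": "19.0.0" once quotes are decoded.
// Backslash-escaped quotes (\") occur when JSON sits inside a script string.
const VERSION_RE =
  /\\?"(next|react)\\?"\s*:\s*\\?"(\d+\.\d+\.\d+(?:-[0-9A-Za-z.]+)?)\\?"/g;

function decodeQuotes(html) {
  return html.replace(QUOTE_ENTITIES, '"');
}

// Returns every distinct {name, version} pair found in the page source.
function extractVersions(html) {
  const seen = new Map();
  for (const m of decodeQuotes(html).matchAll(VERSION_RE)) {
    seen.set(`${m[1]}@${m[2]}`, { name: m[1], version: m[2] });
  }
  return [...seen.values()];
}

// flagged: caller-supplied Set of "name@version" strings taken from the
// vendor advisory. No version list is hard-coded in this sketch.
function checkPage(html, flagged) {
  const hits = extractVersions(html)
    .filter((v) => flagged.has(`${v.name}@${v.version}`));
  return {
    vulnerable: hits.length > 0,
    signatures: hits.map((v) => `version-detection: "${v.name}": "${v.version}"`),
  };
}

// Constructed sample page source (not captured from a real site).
const SAMPLE_HTML = [
  '<div data-deps="{&quot;next&quot;: &quot;16.0.6&quot;}"></div>',
  '<script>self.__x = "{\\"react\\":\\"19.9.9\\"}"</script>',
].join('\n');

// Only the version shown in this page's scan output is flagged here.
const FLAGGED = new Set(['next@16.0.6']);

console.log(checkPage(SAMPLE_HTML, FLAGGED));
```

Without the entity decoding step, the first sample line would not match at all, which is the kind of miss the HTML entity handling fix addresses.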
Verified
Tested against known vulnerable target: https://nextjs-cve-hackerone.vercel.app/
$ npx react2shell-guard@1.0.9 scan-url https://nextjs-cve-hackerone.vercel.app/
VULNERABLE
URL: https://nextjs-cve-hackerone.vercel.app/
Status: 200
Signature: version-detection: "next": "16.0.6"
Installation
npm install -g react2shell-guard@1.0.9