Compromised Frontend
occultus73
PRO OP

3 months ago

Hello there,

I am currently investigating deployment ID 08c8d481-caba-4132-ab85-a333e10c7661 which was our production frontend instance. This server was compromised - across the website it began serving poisoned links to a scam gambling site approx within the last 24 hours. I have yet to determine the vulnerability that was exploited, but redeploying the instance appears to have eliminated the issue. I do not believe this could be react2shell because this instance uses react 18, not react 19. The integrity of our backend seems to be unaffected. Please confirm to me if Railway has experienced a security breach on its end. I am proceeding with the assumption that our dependencies are at fault, and updating them accordingly.

Solved, $30 Bounty

2 Replies

3 months ago

This thread has been marked as public for community involvement, as it does not contain any sensitive or personal information. Any further activity in this thread will be visible to everyone.

Status changed to Open brody 3 months ago


echohack
EMPLOYEE

3 months ago

Hiya,

Railway is not having any security breaches on our end, so we've pushed this thread to bounties to help you out with your application. Have you looked at your package-lock.json and audited it for supply chain problems or dependency issues?


occultus73
PRO OP

3 months ago

Hi there, yes, pnpm audit was pretty grim: multiple critical vulnerabilities besides react2shell. To be honest, all I needed to know was that there is no issue on your end. I'm rapidly deploying a new upgraded package list now, and writing this off.


Status changed to Solved occultus73 3 months ago


Status changed to Open itsrems 3 months ago


Status changed to Solved itsrems 3 months ago
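
Added example, not part of the original thread or Railway's tooling: one way to act on the suggestion above to audit `package-lock.json` for supply-chain problems is to flag lockfile entries that resolve outside the expected registry, lack a strong integrity hash, or declare an install script. It assumes an npm lockfile (lockfileVersion 2 or 3) and the public npm registry; the function name `auditLockfile`, the sample lockfile and its package names are constructed for illustration.

```javascript
// Assumption: every dependency should come from the public npm registry.
const EXPECTED_REGISTRY = "https://registry.npmjs.org/";

// Walk the "packages" map of a parsed package-lock.json (lockfileVersion 2 or 3)
// and return entries worth a manual look. Advisory lookups stay with the audit tool.
function auditLockfile(lock, registry = EXPECTED_REGISTRY) {
  const findings = [];
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    // Skip the root project, workspace folders and workspace symlinks.
    if (!path.includes("node_modules/") || pkg.link) continue;
    const name = path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
    const flag = (issue) => findings.push({ name, version: pkg.version, issue });
    if (!pkg.resolved) flag("no resolved URL (bundled or local source)");
    else if (!pkg.resolved.startsWith(registry)) flag(`resolved outside expected registry: ${pkg.resolved}`);
    if (!pkg.integrity) flag("missing integrity hash");
    else if (!pkg.integrity.startsWith("sha512-")) flag(`weak integrity algorithm: ${pkg.integrity.split("-")[0]}`);
    if (pkg.hasInstallScript) flag("declares an install script");
  }
  return findings;
}

// Constructed sample lockfile (package names, URLs and hashes are made up).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "frontend", version: "1.0.0" },
    "node_modules/react": {
      version: "18.2.0",
      resolved: "https://registry.npmjs.org/react/-/react-18.2.0.tgz",
      integrity: "sha512-CONSTRUCTED",
    },
    "node_modules/left-widget": {
      version: "2.0.1",
      resolved: "https://example.invalid/left-widget-2.0.1.tgz",
      integrity: "sha1-CONSTRUCTED",
      hasInstallScript: true,
    },
    "node_modules/left-widget/node_modules/@acme/util": {
      version: "0.3.0",
      resolved: "https://registry.npmjs.org/@acme/util/-/util-0.3.0.tgz",
    },
  },
};

for (const f of auditLockfile(sampleLock)) console.log(`${f.name}@${f.version}: ${f.issue}`);
```

A finding here is a prompt for review rather than proof of compromise; bundled dependencies, for instance, legitimately have no resolved URL.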

