[treesknees]

What’s concerning about it? The first thing I thought when I read the headline was “wow, another react CVE?” It’s not a justification, it’s an explanation to the most obvious immediate question.

[vcarl]

It's definitely a defensive statement, proactively covering the situation as "normal". Normal it may be, but emphasizing that in the limited space of a tweet thread definitely indicates where their mind is on this, I'd think.

[treesknees]

Are you reading a different link? This statement is on a React blog post, not a Twitter thread.

[tom1337]

But it is another React CVE. Doesn't really matter why it was uncovered, it's bad that it existed either way

[brazukadev]

an insecure software will have multiple CVEs, not necessarily related to each other. Those 3 are probably not the only ones.