Ruby - HackerOne Reports
Total Reports: 72
Critical: 1
High: 10
Medium: 20
Low: 10
Arbitrary file injection via symlink attack in rdoc generator
Reported by:
sighook
|
Disclosed:
Weakness: Resource Injection
OpenSSL::X509::Name Equality Check Does Not Work, Patch included
Reported by:
tylereckstein
|
Disclosed:
Medium
Weakness: Improper Certificate Validation
Round-trip instability in REXML
Reported by:
jupenur
|
Disclosed:
Medium
Bounty: $500.00
HTTP response splitting (HTTP header injection) in Ruby's CGI library leaks confidential information
Reported by:
htokumaru
|
Disclosed:
High
Weakness: HTTP Response Splitting
Specifications and implementation in the CGI::Cookie class that are undesirable from a security standpoint
Reported by:
htokumaru
|
Disclosed:
Low
Weakness: HTTP Response Splitting
Header CRLF Injection in Ruby Net::HTTP
Reported by:
leixiao
|
Disclosed:
Weakness: CRLF Injection
RCE (Remote Code Execution) Vulnerability on Ruby
Reported by:
cloudyvirus
|
Disclosed:
Medium
Weakness: Remote File Inclusion
Potential HTTP Request Smuggling in ruby webrick
Reported by:
piao
|
Disclosed:
Low
Weakness: HTTP Request Smuggling
Bounty: $500.00
Escape sequence injection vulnerability in WEBrick BasicAuth
Reported by:
mame
|
Disclosed:
Medium
Weakness: Command Injection - Generic
Bounty: $500.00
Code Injection Bug Report
Reported by:
geeknik
|
Disclosed:
Weakness: Code Injection
The taint flag is not propagated at JSON.parse
Reported by:
ooooooo_q
|
Disclosed:
Null character at fnmatch
Reported by:
ooooooo_q
|
Disclosed:
Bounty: $200.00
Command injection in Pathname
Reported by:
ooooooo_q
|
Disclosed:
Weakness: Command Injection - Generic
Bounty: $200.00
Resolv::getaddresses bug that can be abused to bypass security measures.
Reported by:
edoverflow
|
Disclosed:
Weakness: Violation of Secure Design Principles
Potential command injection in `Shell#[]` and `Shell#test`
Reported by:
ooooooo_q
|
Disclosed:
Weakness: Command Injection - Generic
Bounty: $200.00
SEGV in parse_rat()
Reported by:
etsukata
|
Disclosed:
Weakness: Uncontrolled Resource Consumption
Writable RubyCi Amazon s3 bucket
Reported by:
dataalchemist
|
Disclosed:
High
Weakness: Improper Authentication - Generic
Bounty: $500.00
lib/net/ftp.rb: trusting PASV responses allow client abuse
Reported by:
sighook
|
Disclosed:
Low
Weakness: Information Disclosure
Bounty: $500.00
ReDoS in Time.rfc2822
Reported by:
ooooooo_q
|
Disclosed:
ReDoS in Psych
Reported by:
ooooooo_q
|
Disclosed: