Ruby - HackerOne Reports
Total Reports: 72 | Critical: 1 | High: 10 | Medium: 20 | Low: 10
Command injection in OptionParser.load
Reported by: piao | Disclosed:
Low
Weakness: Command Injection - Generic
XSS exploit of RDoc documentation generated by rdoc
Reported by: sighook | Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Stored
CVEs:
CVE-2013-0256
Attacker can smuggle a malicious domain in a URI object.
Reported by: djspinmonkey | Disclosed:
Weakness: Open Redirect
sprintf combined format string attack
Reported by: aerodudrizzt | Disclosed:
Medium
Weakness: Memory Corruption - Generic
HTTP header can split /[\r\n]/ instead of /\r\n/
Reported by: znz | Disclosed:
Open aws s3 bucket s3://rubyci
Reported by: sandeep_hodkasia | Disclosed:
Critical
Weakness: Information Disclosure
Ruby:HTTP Header injection in 'net/http'
Reported by: rootredrain | Disclosed:
Weakness: Open Redirect
Uncontrolled Resource Consumption when parsing maliciously crafted XML with REXML
Reported by: l33thaxor | Disclosed:
Medium
Weakness: Uncontrolled Resource Consumption
OS Command Injection in '/lib/un.rb -- Utilities to replace common UNIX commands in Makefiles etc'
Reported by: sighook | Disclosed:
Medium
Weakness: OS Command Injection
Path traversal in Tempfile on windows OS due to unsanitized backslashes
Reported by: bugdiscloseguys | Disclosed:
Medium
Weakness: Path Traversal
Bounty: $500.00
heap-buffer-overflow in gc_writebarrier_incremental
Reported by: piao | Disclosed:
Weakness: Heap Overflow
Stored XSS in RDoc hyperlinks through javascript scheme
Reported by: sighook | Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Stored
Page 4 of 4