Public RubyGems bug reports

4,419 Bug Reports - $2,030,173 Paid Out

Last Updated: 12th September, 2017
| Team | Bounty | Title |
|---|---|---|
| RubyGems | $1,000 | Installing a crafted gem package may create or overwrite files |
| RubyGems | - | No limit on summary length allows Denial of Service |
| RubyGems | $500 | Escape sequence injection in "summary" field |
| RubyGems | $1,000 | Request Hijacking Vulnerability in RubyGems 2.6.11 and earlier |
| RubyGems | - | Possible Subdomain Takeover at http://production.s3.rubygems.org/ pointing to Fastly |
| RubyGems | - | Login credentials transmitted in cleartext on index.rubygems.org |
| RubyGems | - | Password Reset emails missing TLS leads to account takeover |
| RubyGems | - | Invalid username updating |