hackerone-client 0.20.1 → 0.21.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +1 -1
- data/fixtures/vcr_cassettes/report_list_before.yml +271 -0
- data/lib/hackerone/client.rb +10 -3
- data/lib/hackerone/client/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c404066a77eb0268ffe68195bde8325495791ed83081d77f78ae3d3d050a68ac
|
|
4
|
+
data.tar.gz: b10a0451bff43158faee9bf912e5e597f14ffd6dff7779625bc085fe4b821201
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f095e3da37045adebd08ed65d6bdeab6e0e37c5ead94669a747269ce1a17296863afa77cd8373a60f94f36f5919a95249bcf490d835ab48609047223997024a5
|
|
7
|
+
data.tar.gz: 22d3f5fd055377103bb966f336925ddbaa0f021a7680b7780eb30badc945022c94fe02b5dd49a1e6b635e1025d49bca5046c555efb26b2dd85eb46abe0f08352
|
data/README.md
CHANGED
|
@@ -9,7 +9,7 @@ client = HackerOne::Client::Api.new("github")
|
|
|
9
9
|
client.create_report(title: "hi", summary: "hi", impact: "string", severity_rating: :high, source: "api")
|
|
10
10
|
|
|
11
11
|
# GET '/reports' returns all reports in a given state for a program, by default :new
|
|
12
|
-
client.reports(state: :new)
|
|
12
|
+
client.reports(since: 10.days.ago, before: 1.day.ago, state: :new)
|
|
13
13
|
|
|
14
14
|
# GET '/report/{id}' returns report data for a given report
|
|
15
15
|
report = client.report(id)
|
|
@@ -0,0 +1,271 @@
|
|
|
1
|
+
---
|
|
2
|
+
http_interactions:
|
|
3
|
+
- request:
|
|
4
|
+
method: get
|
|
5
|
+
uri: https://api.hackerone.com/v1/reports?filter%5Bcreated_at__lt%5D=2017-02-11T16:00:44-10:00&filter%5Bprogram%5D%5B0%5D=github&filter%5Bstate%5D%5B0%5D=new
|
|
6
|
+
body:
|
|
7
|
+
encoding: US-ASCII
|
|
8
|
+
string: ''
|
|
9
|
+
headers:
|
|
10
|
+
Authorization:
|
|
11
|
+
- Basic ==
|
|
12
|
+
User-Agent:
|
|
13
|
+
- Faraday v1.3.0
|
|
14
|
+
Accept-Encoding:
|
|
15
|
+
- gzip;q=1.0,deflate;q=0.6,identity;q=0.3
|
|
16
|
+
Accept:
|
|
17
|
+
- "*/*"
|
|
18
|
+
response:
|
|
19
|
+
status:
|
|
20
|
+
code: 200
|
|
21
|
+
message: OK
|
|
22
|
+
headers:
|
|
23
|
+
Date:
|
|
24
|
+
- Tue, 26 Jan 2021 01:59:08 GMT
|
|
25
|
+
Content-Type:
|
|
26
|
+
- application/json; charset=utf-8
|
|
27
|
+
Transfer-Encoding:
|
|
28
|
+
- chunked
|
|
29
|
+
Connection:
|
|
30
|
+
- keep-alive
|
|
31
|
+
Set-Cookie:
|
|
32
|
+
- __cfduid=d1825b95f694de8ff5c78cb985c261f491611626346; expires=Thu, 25-Feb-21
|
|
33
|
+
01:59:06 GMT; path=/; Domain=api.hackerone.com; HttpOnly; SameSite=Lax; Secure
|
|
34
|
+
X-Request-Id:
|
|
35
|
+
- 3d4375bc-4de0-4760-85b8-003b3e09420d
|
|
36
|
+
Etag:
|
|
37
|
+
- W/"f33bd1b1c69b6617410c264d74fffa56"
|
|
38
|
+
Cache-Control:
|
|
39
|
+
- max-age=0, private, must-revalidate
|
|
40
|
+
Strict-Transport-Security:
|
|
41
|
+
- max-age=31536000; includeSubDomains; preload
|
|
42
|
+
X-Frame-Options:
|
|
43
|
+
- DENY
|
|
44
|
+
X-Content-Type-Options:
|
|
45
|
+
- nosniff
|
|
46
|
+
X-Xss-Protection:
|
|
47
|
+
- 1; mode=block
|
|
48
|
+
X-Download-Options:
|
|
49
|
+
- noopen
|
|
50
|
+
X-Permitted-Cross-Domain-Policies:
|
|
51
|
+
- none
|
|
52
|
+
Referrer-Policy:
|
|
53
|
+
- strict-origin-when-cross-origin
|
|
54
|
+
Expect-Ct:
|
|
55
|
+
- enforce, max-age=86400
|
|
56
|
+
Content-Security-Policy:
|
|
57
|
+
- 'default-src ''none''; base-uri ''self''; block-all-mixed-content; child-src
|
|
58
|
+
www.youtube-nocookie.com; connect-src ''self'' www.google-analytics.com errors.hackerone.net;
|
|
59
|
+
font-src ''self''; form-action ''self''; frame-ancestors ''none''; img-src
|
|
60
|
+
''self'' data: cover-photos.hackerone-user-content.com hackathon-photos.hackerone-user-content.com
|
|
61
|
+
profile-photos.hackerone-user-content.com hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com;
|
|
62
|
+
media-src ''self'' hackerone-us-west-2-production-attachments.s3.us-west-2.amazonaws.com;
|
|
63
|
+
script-src ''self'' www.google-analytics.com; style-src ''self'' ''unsafe-inline'';
|
|
64
|
+
report-uri https://errors.hackerone.net/api/30/csp-report/?sentry_key=374aea95847f4040a69f9c8d49a3a59d'
|
|
65
|
+
Cf-Cache-Status:
|
|
66
|
+
- DYNAMIC
|
|
67
|
+
Cf-Request-Id:
|
|
68
|
+
- 07de0391de0000fda912ab2000000001
|
|
69
|
+
Server:
|
|
70
|
+
- cloudflare
|
|
71
|
+
Cf-Ray:
|
|
72
|
+
- 6176a1fc9fcefda9-PDX
|
|
73
|
+
body:
|
|
74
|
+
encoding: ASCII-8BIT
|
|
75
|
+
string: '{"data":[{"id":"440362","type":"report","attributes":{"title":"gewgwe","state":"new","created_at":"2016-11-13T23:01:55.070Z","vulnerability_information":"gewewg\n\n##
|
|
76
|
+
Impact\n\ngwe","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-11-13T23:01:55.139Z","first_program_activity_at":"2016-11-13T23:01:55.139Z","last_program_activity_at":"2016-11-13T23:01:55.139Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-11-13T23:01:55.139Z","last_activity_at":"2016-11-13T23:05:46.933Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
77
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"85049","type":"user","attributes":{"username":"brentjo-gh","name":"Brent
|
|
78
|
+
Johnson","disabled":false,"created_at":"2016-06-14T20:01:30.891Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":"","website":null,"location":"","hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"240715","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-11-13T23:01:55.102Z"}}},"weakness":{"data":{"id":"7","type":"weakness","attributes":{"name":"Buffer
|
|
79
|
+
Underflow","description":"The software writes to a buffer using an index or
|
|
80
|
+
pointer that references a memory location prior to the beginning of the buffer.","external_id":"cwe-124","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15454","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"*.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"medium","created_at":"2016-10-10T00:40:37.435Z","updated_at":"2016-10-10T00:40:37.435Z","reference":"","confidentiality_requirement":"low","integrity_requirement":"low","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"434162","type":"report","attributes":{"title":"fewew","state":"new","created_at":"2016-11-05T02:24:29.286Z","vulnerability_information":"fewfew\n\n##
|
|
81
|
+
Impact\n\nfewfwe","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-11-05T02:24:29.343Z","first_program_activity_at":"2016-11-05T02:24:29.343Z","last_program_activity_at":"2016-11-05T02:24:29.343Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"issue_tracker_reference_id":"abc","last_public_activity_at":"2016-11-05T02:24:29.343Z","last_activity_at":"2016-11-13T23:14:58.672Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
82
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
83
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"234626","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-11-05T02:24:29.316Z"}}},"weakness":{"data":{"id":"73","type":"weakness","attributes":{"name":"Phishing","description":"Phishing
|
|
84
|
+
is a social engineering technique where an attacker masquerades as a legitimate
|
|
85
|
+
entity with which the victim might do business in order to prompt the user
|
|
86
|
+
to reveal some confidential information (very frequently authentication credentials)
|
|
87
|
+
that can later be used by an attacker. Phishing is essentially a form of information
|
|
88
|
+
gathering or \"fishing\" for information.","external_id":"capec-98","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15454","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"*.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"medium","created_at":"2016-10-10T00:40:37.435Z","updated_at":"2016-10-10T00:40:37.435Z","reference":"","confidentiality_requirement":"low","integrity_requirement":"low","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"434100","type":"report","attributes":{"title":"gewgwe","state":"new","created_at":"2016-11-04T20:11:35.887Z","vulnerability_information":"gewgew\n\n##
|
|
89
|
+
Impact\n\ngwegwe","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-11-04T20:11:36.005Z","first_program_activity_at":"2016-11-04T20:11:36.005Z","last_program_activity_at":"2016-11-04T20:11:36.005Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-11-04T20:11:36.005Z","last_activity_at":"2016-11-04T20:11:37.381Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
90
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"234571","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-11-04T20:11:35.963Z"}}},"weakness":{"data":{"id":"76","type":"weakness","attributes":{"name":"Malware","description":"An
|
|
91
|
+
adversary installs and executes malicious code on the target system in an
|
|
92
|
+
effort to achieve a negative technical impact.","external_id":"capec-549","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15454","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"*.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"medium","created_at":"2016-10-10T00:40:37.435Z","updated_at":"2016-10-10T00:40:37.435Z","reference":"","confidentiality_requirement":"low","integrity_requirement":"low","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"434096","type":"report","attributes":{"title":"Testing","state":"new","created_at":"2016-11-04T19:50:18.883Z","vulnerability_information":"lfkjewjl\n\n##
|
|
93
|
+
Impact\n\nflejwljkwe","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-11-04T19:50:18.960Z","first_program_activity_at":"2016-11-04T19:50:18.960Z","last_program_activity_at":"2016-11-04T19:50:18.960Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-11-04T19:50:18.960Z","last_activity_at":"2016-11-04T19:50:18.960Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
94
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"234568","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-11-04T19:50:18.923Z"}}},"weakness":{"data":{"id":"76","type":"weakness","attributes":{"name":"Malware","description":"An
|
|
95
|
+
adversary installs and executes malicious code on the target system in an
|
|
96
|
+
effort to achieve a negative technical impact.","external_id":"capec-549","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15939","type":"structured-scope","attributes":{"asset_type":"HARDWARE","asset_identifier":"GitHub
|
|
97
|
+
Enterprise","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"GitHub
|
|
98
|
+
Enterprise is the on-premises version of GitHub. GitHub Enterprise shares
|
|
99
|
+
a code-base with GitHub.com, is built on Ruby on Rails and leverages a number
|
|
100
|
+
of open source technologies.\n\nGitHub Enterprise adds a number of features
|
|
101
|
+
for enterprise infrastructures. This includes additional authentication backends
|
|
102
|
+
and clustering options. Below is a subset of features unique to GitHub Enterprise
|
|
103
|
+
that might be interesting to investigate.\n\n- Instance-wide authentication
|
|
104
|
+
([*private mode*](https://help.github.com/enterprise/admin/guides/installation/enabling-private-mode/))\n-
|
|
105
|
+
External authentication backends including [CAS, LDAP, and SAML](https://help.github.com/enterprise/admin/guides/user-management/)\n-
|
|
106
|
+
In-app administration of the instance using a site administrator control panel\n-
|
|
107
|
+
[User, organization, and repository migration](https://help.github.com/enterprise/admin/guides/migrations/)\n-
|
|
108
|
+
[Web-based management console](https://help.github.com/enterprise/admin/guides/installation/web-based-management-console/)
|
|
109
|
+
and [SSH access](https://help.github.com/enterprise/admin/guides/installation/administrative-shell-ssh-access/)
|
|
110
|
+
to configure and update the instance\n- [Pre-receive hook scripts](https://help.github.com/enterprise/admin/guides/developer-workflow/creating-a-pre-receive-hook-script/)\n\nYou
|
|
111
|
+
can request a trial of GitHub Enterprise for security testing at [https://enterprise.github.com/bounty](https://enterprise.github.com/bounty).\n\n-
|
|
112
|
+
Resources and features provided by the latest patch release of each non-deprecated
|
|
113
|
+
version of the GitHub Enterprise virtual machine. Major versions of GitHub
|
|
114
|
+
Enterprise are deprecated one year after release. For more information see
|
|
115
|
+
[this list of releases](https://enterprise.github.com/releases/).\n- All listening
|
|
116
|
+
services hosted on a GitHub Enterprise instance. See [our documentation](https://help.github.com/enterprise/admin/guides/installation/network-ports-to-open/)
|
|
117
|
+
for a reference of ports typically opened on a GitHub Enterprise instance.\n-
|
|
118
|
+
Code de-obfuscation may be explored to further investigate GitHub Enterprise,
|
|
119
|
+
but only for the purpose of the bounty program. Bounty hunters still need
|
|
120
|
+
to abide by all of our other Bounty program rules and terms and the applicable
|
|
121
|
+
software license terms.\n\nIneligible submissions:\n- Vulnerabilities caused
|
|
122
|
+
by lack of subdomain isolation\n- Escalation to the root user via sudo\n-
|
|
123
|
+
Bypassing source code de-obfuscation\n","max_severity":"critical","created_at":"2016-10-29T20:48:48.915Z","updated_at":"2016-10-29T20:48:48.915Z","reference":""}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"430397","type":"report","attributes":{"title":"Demo
|
|
124
|
+
report: XSS in GitHub test home page","state":"new","created_at":"2016-10-29T18:07:20.617Z","vulnerability_information":"In
|
|
125
|
+
some ***fantasy world***, the home page of GitHub test is vulnerable to an
|
|
126
|
+
*imaginary* Cross-Site Scripting attack.\n\n1. Visit home page of GitHub test\n2.
|
|
127
|
+
Open the browser''s javascript console\n3. Type `alert(/xss!/)` and press
|
|
128
|
+
enter\n4. Profit!\n\n## Impact\n\nIn our fantasy world, exploiting this vulnerability
|
|
129
|
+
allows us to run an external script on your website that for example steals
|
|
130
|
+
the cookies of the users that''s facing the XSS and thus gaining access to
|
|
131
|
+
the account of the victim.","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-11-01T18:07:30.449Z","first_program_activity_at":null,"last_program_activity_at":null,"bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-11-01T18:07:30.449Z","last_activity_at":"2016-11-01T18:07:30.449Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"3683","type":"user","attributes":{"reputation":100,"username":"demo-hacker","name":"Demo
|
|
132
|
+
Hacker","disabled":false,"created_at":"2014-03-17T20:14:25.383Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/00311c7541dfa131115f58f065f11f090f520e0a33b1f347ea385ca21df6c866","82x82":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/a15c8fdab95ed5efd5f3d61e531298869f767d9203f8ea9df2bac929a5d32138","110x110":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/f629ebe2df46e889024aaf8300daaf0a87b022ffe456d28aeaaf493f642fad04","260x260":"https://hackerone.com/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBbW9JIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--0dc7e2aa9a0c1277dbf407cc92e3c7a747000360/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9MY21WemFYcGxTU0lOTWpZd2VESTJNRDRHT2daRlZBPT0iLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--ca58b682eb143812bd02e73931fa257f14be59fe/demo_researcher.png"},"bio":"","website":null,"location":"support@hackerone.com","hackerone_triager":false}}},"assignee":{"data":{"id":"170761","type":"user","attributes":{"username":"philipturnbull","name":"Phil
|
|
133
|
+
Turnbull","disabled":false,"created_at":"2017-05-24T18:37:20.644Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/variants/000/170/761/32db5fe3b68ab940c08762597cf6dc218ea569ab_original.jpeg/00311c7541dfa131115f58f065f11f090f520e0a33b1f347ea385ca21df6c866","82x82":"https://profile-photos.hackerone-user-content.com/variants/000/170/761/32db5fe3b68ab940c08762597cf6dc218ea569ab_original.jpeg/a15c8fdab95ed5efd5f3d61e531298869f767d9203f8ea9df2bac929a5d32138","110x110":"https://hackerone.com/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBbHhqIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--1288f07999072babe0cdf90162e1f6f7da35aa14/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9VWTI5dFltbHVaVjl2Y0hScGIyNXpld2c2REdkeVlYWnBkSGxKSWd0RFpXNTBaWElHT2daRlZEb0xjbVZ6YVhwbFNTSU5NVEV3ZURFeE1GNEdPd2RVT2dsamNtOXdTU0lRTVRFd2VERXhNQ3N3S3pBR093ZFUiLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--955e4ecf4dcd6b5873333833a7d869bd60c7dd7b/45588_orig.jpeg","260x260":"https://hackerone.com/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBbHhqIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--1288f07999072babe0cdf90162e1f6f7da35aa14/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9MY21WemFYcGxTU0lOTWpZd2VESTJNRDRHT2daRlZBPT0iLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--ca58b682eb143812bd02e73931fa257f14be59fe/45588_orig.jpeg"},"signal":null,"impact":null,"reputation":null,"bio":"","website":null,"location":"","hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"weakness":{"data":{"id":"12","type":"weakness","attributes":{"name":"Array
|
|
134
|
+
Index Underflow","description":"The product uses untrusted input when calculating
|
|
135
|
+
or using an array index, but the product does not validate or incorrectly
|
|
136
|
+
validates the index to ensure the index references a valid position within
|
|
137
|
+
the array.","external_id":"cwe-129","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15455","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"render.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"critical","created_at":"2016-10-10T00:40:51.479Z","updated_at":"2016-10-10T00:40:51.479Z","reference":"","confidentiality_requirement":"medium","integrity_requirement":"medium","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"425480","type":"report","attributes":{"title":"greg","state":"new","created_at":"2016-10-18T20:05:44.316Z","vulnerability_information":"gregr\n\n##
|
|
138
|
+
Impact\n\ngregre","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-10-18T20:05:44.403Z","first_program_activity_at":"2016-10-18T20:05:44.403Z","last_program_activity_at":"2016-10-18T20:05:44.403Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-10-18T20:05:44.403Z","last_activity_at":"2016-10-18T20:08:09.264Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
139
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"85049","type":"user","attributes":{"username":"brentjo-gh","name":"Brent
|
|
140
|
+
Johnson","disabled":false,"created_at":"2016-06-14T20:01:30.891Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":"","website":null,"location":"","hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"225991","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-10-18T20:05:44.360Z"}}},"weakness":{"data":{"id":"9","type":"weakness","attributes":{"name":"Buffer
|
|
141
|
+
Over-read","description":"The software reads from a buffer using buffer access
|
|
142
|
+
mechanisms such as indexes or pointers that reference memory locations after
|
|
143
|
+
the targeted buffer.","external_id":"cwe-126","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15455","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"render.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"critical","created_at":"2016-10-10T00:40:51.479Z","updated_at":"2016-10-10T00:40:51.479Z","reference":"","confidentiality_requirement":"medium","integrity_requirement":"medium","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"425470","type":"report","attributes":{"title":"htht","state":"new","created_at":"2016-10-18T19:13:48.758Z","vulnerability_information":"htrhtr\n\n##
|
|
144
|
+
Impact\n\nhrthht","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-10-18T19:13:48.849Z","first_program_activity_at":"2016-10-18T19:13:48.849Z","last_program_activity_at":"2016-10-18T19:13:48.849Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-10-18T19:13:48.849Z","last_activity_at":"2016-10-18T19:13:51.079Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
145
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"225980","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-10-18T19:13:48.798Z"}}},"weakness":{"data":{"id":"10","type":"weakness","attributes":{"name":"Buffer
|
|
146
|
+
Under-read","description":"The software reads from a buffer using buffer access
|
|
147
|
+
mechanisms such as indexes or pointers that reference memory locations prior
|
|
148
|
+
to the targeted buffer.","external_id":"cwe-127","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"425425","type":"report","attributes":{"title":"fewfewfew","state":"new","created_at":"2016-10-18T17:02:37.361Z","vulnerability_information":"fwefawefe\n\n##
|
|
149
|
+
Impact\n\nfewfewfew","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2019-09-19T05:23:10.079Z","first_program_activity_at":"2016-10-18T17:02:37.427Z","last_program_activity_at":"2019-09-19T05:24:01.166Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2019-09-19T05:24:01.166Z","last_activity_at":"2019-09-19T05:24:01.166Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
150
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"519534","type":"severity","attributes":{"rating":"low","author_type":"Team","user_id":516261,"created_at":"2019-09-19T05:24:01.145Z"}}},"weakness":{"data":{"id":"7","type":"weakness","attributes":{"name":"Buffer
|
|
151
|
+
Underflow","description":"The software writes to a buffer using an index or
|
|
152
|
+
pointer that references a memory location prior to the beginning of the buffer.","external_id":"cwe-124","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15454","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"*.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"medium","created_at":"2016-10-10T00:40:37.435Z","updated_at":"2016-10-10T00:40:37.435Z","reference":"","confidentiality_requirement":"low","integrity_requirement":"low","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"425399","type":"report","attributes":{"title":"htehre","state":"new","created_at":"2016-10-18T15:34:27.207Z","vulnerability_information":"hrehreh\n\n##
|
|
153
|
+
Impact\n\nhreherrehrhh","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-10-18T15:34:27.260Z","first_program_activity_at":"2016-10-18T15:34:27.260Z","last_program_activity_at":"2016-10-18T15:34:27.260Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-10-18T15:34:27.260Z","last_activity_at":"2016-10-18T15:35:58.276Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
154
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"225912","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-10-18T15:34:27.234Z"}}},"weakness":{"data":{"id":"7","type":"weakness","attributes":{"name":"Buffer
|
|
155
|
+
Underflow","description":"The software writes to a buffer using an index or
|
|
156
|
+
pointer that references a memory location prior to the beginning of the buffer.","external_id":"cwe-124","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15455","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"render.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"critical","created_at":"2016-10-10T00:40:51.479Z","updated_at":"2016-10-10T00:40:51.479Z","reference":"","confidentiality_requirement":"medium","integrity_requirement":"medium","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"425184","type":"report","attributes":{"title":"htrhtr","state":"new","created_at":"2016-10-17T23:23:07.652Z","vulnerability_information":"htrhrt\n\n##
|
|
157
|
+
Impact\n\nhtrhtr","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-10-17T23:23:07.736Z","first_program_activity_at":"2016-10-17T23:23:07.736Z","last_program_activity_at":"2016-10-17T23:23:07.736Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-10-17T23:23:07.736Z","last_activity_at":"2016-10-17T23:26:41.323Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
158
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"85049","type":"user","attributes":{"username":"brentjo-gh","name":"Brent
|
|
159
|
+
Johnson","disabled":false,"created_at":"2016-06-14T20:01:30.891Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":"","website":null,"location":"","hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"225660","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-10-17T23:23:07.689Z"}}},"weakness":{"data":{"id":"10","type":"weakness","attributes":{"name":"Buffer
|
|
160
|
+
Under-read","description":"The software reads from a buffer using buffer access
|
|
161
|
+
mechanisms such as indexes or pointers that reference memory locations prior
|
|
162
|
+
to the targeted buffer.","external_id":"cwe-127","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15455","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"render.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"critical","created_at":"2016-10-10T00:40:51.479Z","updated_at":"2016-10-10T00:40:51.479Z","reference":"","confidentiality_requirement":"medium","integrity_requirement":"medium","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"424694","type":"report","attributes":{"title":"gregre","state":"new","created_at":"2016-10-16T16:16:11.476Z","vulnerability_information":"gregregre\n\n##
|
|
163
|
+
Impact\n\ngregerg","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-10-16T16:16:11.543Z","first_program_activity_at":"2016-10-16T16:16:11.543Z","last_program_activity_at":"2016-10-16T16:16:11.543Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-10-16T16:16:11.543Z","last_activity_at":"2016-10-16T16:16:46.459Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
164
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"225129","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-10-16T16:16:11.512Z"}}},"weakness":{"data":{"id":"10","type":"weakness","attributes":{"name":"Buffer
|
|
165
|
+
Under-read","description":"The software reads from a buffer using buffer access
|
|
166
|
+
mechanisms such as indexes or pointers that reference memory locations prior
|
|
167
|
+
to the targeted buffer.","external_id":"cwe-127","created_at":"2017-01-05T01:51:19.000Z"}}},"structured_scope":{"data":{"id":"15454","type":"structured-scope","attributes":{"asset_type":"URL","asset_identifier":"*.github.com","eligible_for_bounty":true,"eligible_for_submission":true,"instruction":"","max_severity":"medium","created_at":"2016-10-10T00:40:37.435Z","updated_at":"2016-10-10T00:40:37.435Z","reference":"","confidentiality_requirement":"low","integrity_requirement":"low","availability_requirement":"low"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"415344","type":"report","attributes":{"title":"htrhtr","state":"new","created_at":"2016-09-27T16:32:05.063Z","vulnerability_information":"thrhtrhtr\n\n##
|
|
168
|
+
Impact\n\nthrrthtr","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-27T16:32:05.126Z","first_program_activity_at":"2016-09-27T16:32:05.126Z","last_program_activity_at":"2016-09-27T16:32:05.126Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"issue_tracker_reference_id":"12","last_public_activity_at":"2016-09-27T16:32:05.126Z","last_activity_at":"2016-09-27T17:12:54.153Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
169
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"85049","type":"user","attributes":{"username":"brentjo-gh","name":"Brent
|
|
170
|
+
Johnson","disabled":false,"created_at":"2016-06-14T20:01:30.891Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":"","website":null,"location":"","hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"215876","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-09-27T16:32:05.095Z"}}},"weakness":{"data":{"id":"31","type":"weakness","attributes":{"name":"Brute
|
|
171
|
+
Force","description":"The software does not implement sufficient measures
|
|
172
|
+
to prevent multiple failed authentication attempts within in a short time
|
|
173
|
+
frame, making it more susceptible to brute force attacks.","external_id":"cwe-307","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"415144","type":"report","attributes":{"title":"htrh","state":"new","created_at":"2016-09-27T01:00:56.238Z","vulnerability_information":"hhtrhrt\n\n##
|
|
174
|
+
Impact\n\nhtr","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-27T01:00:56.317Z","first_program_activity_at":"2016-09-27T01:00:56.317Z","last_program_activity_at":"2016-09-27T01:01:24.428Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-27T01:01:24.428Z","last_activity_at":"2016-09-27T01:01:25.509Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":28,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
175
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
176
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"215668","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-09-27T01:00:56.277Z"}}},"weakness":{"data":{"id":"12","type":"weakness","attributes":{"name":"Array
|
|
177
|
+
Index Underflow","description":"The product uses untrusted input when calculating
|
|
178
|
+
or using an array index, but the product does not validate or incorrectly
|
|
179
|
+
validates the index to ensure the index references a valid position within
|
|
180
|
+
the array.","external_id":"cwe-129","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"415133","type":"report","attributes":{"title":"k78k87","state":"new","created_at":"2016-09-26T23:51:35.228Z","vulnerability_information":"k87k87k87\n\n##
|
|
181
|
+
Impact\n\nk8787kk7k7k78likuj","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-26T23:51:35.299Z","first_program_activity_at":"2016-09-26T23:51:35.299Z","last_program_activity_at":"2016-09-27T00:05:08.131Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-27T00:05:08.131Z","last_activity_at":"2016-09-27T00:05:08.723Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":812,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
182
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
183
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"215658","type":"severity","attributes":{"rating":"high","author_type":"User","user_id":175595,"created_at":"2016-09-26T23:51:35.266Z"}}},"weakness":{"data":{"id":"12","type":"weakness","attributes":{"name":"Array
|
|
184
|
+
Index Underflow","description":"The product uses untrusted input when calculating
|
|
185
|
+
or using an array index, but the product does not validate or incorrectly
|
|
186
|
+
validates the index to ensure the index references a valid position within
|
|
187
|
+
the array.","external_id":"cwe-129","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"415035","type":"report","attributes":{"title":"greergregreg","state":"new","created_at":"2016-09-26T19:49:53.207Z","vulnerability_information":"ergrgre\n\n##
|
|
188
|
+
Impact\n\ngregreer","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-26T19:49:53.410Z","first_program_activity_at":"2016-09-26T19:49:53.410Z","last_program_activity_at":"2016-09-26T19:53:19.020Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-26T19:53:19.020Z","last_activity_at":"2016-09-26T19:53:20.310Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":205,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
189
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
190
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"215530","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-09-26T19:49:53.250Z"}}},"weakness":{"data":{"id":"31","type":"weakness","attributes":{"name":"Brute
|
|
191
|
+
Force","description":"The software does not implement sufficient measures
|
|
192
|
+
to prevent multiple failed authentication attempts within in a short time
|
|
193
|
+
frame, making it more susceptible to brute force attacks.","external_id":"cwe-307","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"412631","type":"report","attributes":{"title":"jt","state":"new","created_at":"2016-09-22T00:33:43.979Z","vulnerability_information":"yjt\n\n##
|
|
194
|
+
Impact\n\ntyj","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-22T00:33:44.071Z","first_program_activity_at":"2016-09-22T00:33:44.071Z","last_program_activity_at":"2016-09-22T00:33:56.364Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-22T00:33:56.364Z","last_activity_at":"2016-09-22T00:33:57.403Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":0,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
195
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
196
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"213177","type":"severity","attributes":{"rating":"critical","author_type":"User","user_id":175595,"created_at":"2016-09-22T00:33:44.028Z"}}},"weakness":{"data":{"id":"10","type":"weakness","attributes":{"name":"Buffer
|
|
197
|
+
Under-read","description":"The software reads from a buffer using buffer access
|
|
198
|
+
mechanisms such as indexes or pointers that reference memory locations prior
|
|
199
|
+
to the targeted buffer.","external_id":"cwe-127","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"412630","type":"report","attributes":{"title":"hfg","state":"new","created_at":"2016-09-22T00:32:25.134Z","vulnerability_information":"ghgfh\n\n##
|
|
200
|
+
Impact\n\nhgfgfh","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-22T00:32:25.284Z","first_program_activity_at":"2016-09-22T00:32:25.284Z","last_program_activity_at":"2016-09-22T00:32:25.284Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-22T00:32:25.284Z","last_activity_at":"2016-09-22T00:32:25.284Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
201
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"213176","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-09-22T00:32:25.185Z"}}},"weakness":{"data":{"id":"7","type":"weakness","attributes":{"name":"Buffer
|
|
202
|
+
Underflow","description":"The software writes to a buffer using an index or
|
|
203
|
+
pointer that references a memory location prior to the beginning of the buffer.","external_id":"cwe-124","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"412629","type":"report","attributes":{"title":"hfghgfh","state":"new","created_at":"2016-09-22T00:31:06.361Z","vulnerability_information":"hfghfg\n\n##
|
|
204
|
+
Impact\n\nhgfgh","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-22T00:31:06.480Z","first_program_activity_at":"2016-09-22T00:31:06.480Z","last_program_activity_at":"2016-09-22T00:31:21.708Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-22T00:31:21.708Z","last_activity_at":"2016-09-22T00:31:23.038Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":0,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
205
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
206
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"213175","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-09-22T00:31:06.427Z"}}},"weakness":{"data":{"id":"7","type":"weakness","attributes":{"name":"Buffer
|
|
207
|
+
Underflow","description":"The software writes to a buffer using an index or
|
|
208
|
+
pointer that references a memory location prior to the beginning of the buffer.","external_id":"cwe-124","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"412628","type":"report","attributes":{"title":"fgdgfdfgd","state":"new","created_at":"2016-09-22T00:29:45.651Z","vulnerability_information":"gfdgfdfggfd\n\n##
|
|
209
|
+
Impact\n\nfgdfgdfgdfgd","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-22T00:29:45.767Z","first_program_activity_at":"2016-09-22T00:29:45.767Z","last_program_activity_at":"2016-09-22T00:30:17.747Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-22T00:30:17.747Z","last_activity_at":"2016-09-22T00:30:18.925Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":0,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
210
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
211
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"213174","type":"severity","attributes":{"rating":"high","author_type":"User","user_id":175595,"created_at":"2016-09-22T00:29:45.705Z"}}},"weakness":{"data":{"id":"7","type":"weakness","attributes":{"name":"Buffer
|
|
212
|
+
Underflow","description":"The software writes to a buffer using an index or
|
|
213
|
+
pointer that references a memory location prior to the beginning of the buffer.","external_id":"cwe-124","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"412553","type":"report","attributes":{"title":"fgdfgdfgd","state":"new","created_at":"2016-09-21T19:00:54.504Z","vulnerability_information":"gfdgfdfgd\n\n##
|
|
214
|
+
Impact\n\nfgdgfd","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-21T19:00:54.614Z","first_program_activity_at":"2016-09-21T19:00:54.614Z","last_program_activity_at":"2016-09-22T00:28:56.690Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-22T00:28:56.690Z","last_activity_at":"2016-09-22T00:28:58.458Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":17945,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
215
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
216
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"213079","type":"severity","attributes":{"rating":"medium","author_type":"User","user_id":175595,"created_at":"2016-09-21T19:00:54.556Z"}}},"weakness":{"data":{"id":"31","type":"weakness","attributes":{"name":"Brute
|
|
217
|
+
Force","description":"The software does not implement sufficient measures
|
|
218
|
+
to prevent multiple failed authentication attempts within in a short time
|
|
219
|
+
frame, making it more susceptible to brute force attacks.","external_id":"cwe-307","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"411276","type":"report","attributes":{"title":"Demo
|
|
220
|
+
report: XSS in GitHub test home page","state":"new","created_at":"2016-09-18T22:37:10.591Z","vulnerability_information":"In
|
|
221
|
+
some ***fantasy world***, the home page of GitHub test is vulnerable to an
|
|
222
|
+
*imaginary* Cross-Site Scripting attack.\n\n1. Visit home page of GitHub test\n2.
|
|
223
|
+
Open the browser''s javascript console\n3. Type `alert(/xss!/)` and press
|
|
224
|
+
enter\n4. Profit!\n\n## Impact\n\nIn our fantasy world, exploiting this vulnerability
|
|
225
|
+
allows us to run an external script on your website that for example steals
|
|
226
|
+
the cookies of the users that''s facing the XSS and thus gaining access to
|
|
227
|
+
the account of the victim.","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-21T22:37:12.860Z","first_program_activity_at":null,"last_program_activity_at":null,"bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-21T22:37:12.860Z","last_activity_at":"2016-09-21T22:37:12.860Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"3683","type":"user","attributes":{"reputation":100,"username":"demo-hacker","name":"Demo
|
|
228
|
+
Hacker","disabled":false,"created_at":"2014-03-17T20:14:25.383Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/00311c7541dfa131115f58f065f11f090f520e0a33b1f347ea385ca21df6c866","82x82":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/a15c8fdab95ed5efd5f3d61e531298869f767d9203f8ea9df2bac929a5d32138","110x110":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/f629ebe2df46e889024aaf8300daaf0a87b022ffe456d28aeaaf493f642fad04","260x260":"https://hackerone.com/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBbW9JIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--0dc7e2aa9a0c1277dbf407cc92e3c7a747000360/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9MY21WemFYcGxTU0lOTWpZd2VESTJNRDRHT2daRlZBPT0iLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--ca58b682eb143812bd02e73931fa257f14be59fe/demo_researcher.png"},"bio":"","website":null,"location":"support@hackerone.com","hackerone_triager":false}}},"assignee":{"data":{"id":"85049","type":"user","attributes":{"username":"brentjo-gh","name":"Brent
|
|
229
|
+
Johnson","disabled":false,"created_at":"2016-06-14T20:01:30.891Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":"","website":null,"location":"","hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"weakness":{"data":{"id":"12","type":"weakness","attributes":{"name":"Array
|
|
230
|
+
Index Underflow","description":"The product uses untrusted input when calculating
|
|
231
|
+
or using an array index, but the product does not validate or incorrectly
|
|
232
|
+
validates the index to ensure the index references a valid position within
|
|
233
|
+
the array.","external_id":"cwe-129","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"411263","type":"report","attributes":{"title":"Demo
|
|
234
|
+
report: XSS in GitHub test home page","state":"new","created_at":"2016-09-18T21:17:14.574Z","vulnerability_information":"In
|
|
235
|
+
some ***fantasy world***, the home page of GitHub test is vulnerable to an
|
|
236
|
+
*imaginary* Cross-Site Scripting attack.\n\n1. Visit home page of GitHub test\n2.
|
|
237
|
+
Open the browser''s javascript console\n3. Type `alert(/xss!/)` and press
|
|
238
|
+
enter\n4. Profit!\n\n## Impact\n\nIn our fantasy world, exploiting this vulnerability
|
|
239
|
+
allows us to run an external script on your website that for example steals
|
|
240
|
+
the cookies of the users that''s facing the XSS and thus gaining access to
|
|
241
|
+
the account of the victim.","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-09-21T21:17:28.659Z","first_program_activity_at":null,"last_program_activity_at":null,"bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-09-21T21:17:28.659Z","last_activity_at":"2016-09-21T21:17:28.659Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"3683","type":"user","attributes":{"reputation":100,"username":"demo-hacker","name":"Demo
|
|
242
|
+
Hacker","disabled":false,"created_at":"2014-03-17T20:14:25.383Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/00311c7541dfa131115f58f065f11f090f520e0a33b1f347ea385ca21df6c866","82x82":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/a15c8fdab95ed5efd5f3d61e531298869f767d9203f8ea9df2bac929a5d32138","110x110":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/f629ebe2df46e889024aaf8300daaf0a87b022ffe456d28aeaaf493f642fad04","260x260":"https://hackerone.com/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBbW9JIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--0dc7e2aa9a0c1277dbf407cc92e3c7a747000360/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9MY21WemFYcGxTU0lOTWpZd2VESTJNRDRHT2daRlZBPT0iLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--ca58b682eb143812bd02e73931fa257f14be59fe/demo_researcher.png"},"bio":"","website":null,"location":"support@hackerone.com","hackerone_triager":false}}},"assignee":{"data":{"id":"175595","type":"user","attributes":{"username":"anglinb_x0rsd","name":"Brian
|
|
243
|
+
Anglin","disabled":false,"created_at":"2017-06-13T18:42:14.025Z","profile_picture":{"62x62":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","82x82":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","110x110":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png","260x260":"/assets/avatars/default-71a302d706457f3d3a31eb30fa3e73e6cf0b1d677b8fa218eaeaffd67ae97918.png"},"signal":null,"impact":null,"reputation":null,"bio":null,"website":null,"location":null,"hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"weakness":{"data":{"id":"12","type":"weakness","attributes":{"name":"Array
|
|
244
|
+
Index Underflow","description":"The product uses untrusted input when calculating
|
|
245
|
+
or using an array index, but the product does not validate or incorrectly
|
|
246
|
+
validates the index to ensure the index references a valid position within
|
|
247
|
+
the array.","external_id":"cwe-129","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"391124","type":"report","attributes":{"title":"HACK
|
|
248
|
+
FOUND","state":"new","created_at":"2016-08-07T00:13:41.128Z","vulnerability_information":"YOU
|
|
249
|
+
HAVE BEEN HACKED LOLOLOLOL\n\n## Impact\n\nHACK YOU","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-08-07T00:13:41.292Z","first_program_activity_at":"2016-08-07T00:13:41.292Z","last_program_activity_at":"2016-08-07T00:13:41.292Z","bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-08-07T00:13:41.292Z","last_activity_at":"2016-08-07T00:13:41.292Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":null,"timer_first_program_response_miss_at":null,"timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":null,"timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":null,"timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"291079","type":"user","attributes":{"username":"rzhade3","name":"Rahul
|
|
250
|
+
Zhade","disabled":false,"created_at":"2016-06-12T17:43:40.852Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/variants/000/291/079/b79c3c343130bd631131f690e2f04bc0d1fde8bf_original.png/00311c7541dfa131115f58f065f11f090f520e0a33b1f347ea385ca21df6c866","82x82":"https://profile-photos.hackerone-user-content.com/variants/000/291/079/b79c3c343130bd631131f690e2f04bc0d1fde8bf_original.png/a15c8fdab95ed5efd5f3d61e531298869f767d9203f8ea9df2bac929a5d32138","110x110":"https://profile-photos.hackerone-user-content.com/variants/000/291/079/b79c3c343130bd631131f690e2f04bc0d1fde8bf_original.png/f629ebe2df46e889024aaf8300daaf0a87b022ffe456d28aeaaf493f642fad04","260x260":"https://hackerone.com/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBdW1YIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--ccec2bdbe3c2291cc1ccf84fb84723b0809a1cb6/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9MY21WemFYcGxTU0lOTWpZd2VESTJNRDRHT2daRlZBPT0iLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--ca58b682eb143812bd02e73931fa257f14be59fe/octocat.png"},"bio":"Application
|
|
251
|
+
Security @GitHub","website":"https://zhade.dev","location":"","hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"severity":{"data":{"id":"192505","type":"severity","attributes":{"rating":"critical","author_type":"User","user_id":291079,"created_at":"2016-08-07T00:13:41.194Z"}}},"weakness":{"data":{"id":"31","type":"weakness","attributes":{"name":"Brute
|
|
252
|
+
Force","description":"The software does not implement sufficient measures
|
|
253
|
+
to prevent multiple failed authentication attempts within in a short time
|
|
254
|
+
frame, making it more susceptible to brute force attacks.","external_id":"cwe-307","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}},{"id":"389780","type":"report","attributes":{"title":"Demo
|
|
255
|
+
report: XSS in GitHub test home page","state":"new","created_at":"2016-08-02T21:24:11.500Z","vulnerability_information":"In
|
|
256
|
+
some ***fantasy world***, the home page of GitHub test is vulnerable to an
|
|
257
|
+
*imaginary* Cross-Site Scripting attack.\n\n1. Visit home page of GitHub test\n2.
|
|
258
|
+
Open the browser''s javascript console\n3. Type `alert(/xss!/)` and press
|
|
259
|
+
enter\n4. Profit!\n\n## Impact\n\nIn our fantasy world, exploiting this vulnerability
|
|
260
|
+
allows us to run an external script on your website that for example steals
|
|
261
|
+
the cookies of the users that''s facing the XSS and thus gaining access to
|
|
262
|
+
the account of the victim.","triaged_at":null,"closed_at":null,"last_reporter_activity_at":"2016-08-05T21:24:26.989Z","first_program_activity_at":null,"last_program_activity_at":null,"bounty_awarded_at":null,"swag_awarded_at":null,"disclosed_at":null,"reporter_agreed_on_going_public_at":null,"last_public_activity_at":"2016-08-05T21:24:26.989Z","last_activity_at":"2016-08-05T21:24:26.989Z","source":null,"timer_bounty_awarded_elapsed_time":null,"timer_bounty_awarded_miss_at":"2016-09-14T21:24:11.500Z","timer_first_program_response_miss_at":"2016-08-03T21:24:11.500Z","timer_first_program_response_elapsed_time":null,"timer_report_resolved_miss_at":"2016-09-14T21:24:11.500Z","timer_report_resolved_elapsed_time":null,"timer_report_triage_miss_at":"2016-08-06T21:24:11.500Z","timer_report_triage_elapsed_time":null},"relationships":{"reporter":{"data":{"id":"3683","type":"user","attributes":{"reputation":100,"username":"demo-hacker","name":"Demo
|
|
263
|
+
Hacker","disabled":false,"created_at":"2014-03-17T20:14:25.383Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/00311c7541dfa131115f58f065f11f090f520e0a33b1f347ea385ca21df6c866","82x82":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/a15c8fdab95ed5efd5f3d61e531298869f767d9203f8ea9df2bac929a5d32138","110x110":"https://profile-photos.hackerone-user-content.com/variants/000/003/683/34dc17c69760632eba8908c6bc708eb7a20edee3_original.png/f629ebe2df46e889024aaf8300daaf0a87b022ffe456d28aeaaf493f642fad04","260x260":"https://hackerone.com/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBbW9JIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--0dc7e2aa9a0c1277dbf407cc92e3c7a747000360/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9MY21WemFYcGxTU0lOTWpZd2VESTJNRDRHT2daRlZBPT0iLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--ca58b682eb143812bd02e73931fa257f14be59fe/demo_researcher.png"},"bio":"","website":null,"location":"support@hackerone.com","hackerone_triager":false}}},"assignee":{"data":{"id":"291079","type":"user","attributes":{"username":"rzhade3","name":"Rahul
|
|
264
|
+
Zhade","disabled":false,"created_at":"2016-06-12T17:43:40.852Z","profile_picture":{"62x62":"https://profile-photos.hackerone-user-content.com/variants/000/291/079/b79c3c343130bd631131f690e2f04bc0d1fde8bf_original.png/00311c7541dfa131115f58f065f11f090f520e0a33b1f347ea385ca21df6c866","82x82":"https://profile-photos.hackerone-user-content.com/variants/000/291/079/b79c3c343130bd631131f690e2f04bc0d1fde8bf_original.png/a15c8fdab95ed5efd5f3d61e531298869f767d9203f8ea9df2bac929a5d32138","110x110":"https://profile-photos.hackerone-user-content.com/variants/000/291/079/b79c3c343130bd631131f690e2f04bc0d1fde8bf_original.png/f629ebe2df46e889024aaf8300daaf0a87b022ffe456d28aeaaf493f642fad04","260x260":"https://hackerone.com/rails/active_storage/representations/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBdW1YIiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--ccec2bdbe3c2291cc1ccf84fb84723b0809a1cb6/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCam9MY21WemFYcGxTU0lOTWpZd2VESTJNRDRHT2daRlZBPT0iLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--ca58b682eb143812bd02e73931fa257f14be59fe/octocat.png"},"signal":null,"impact":null,"reputation":null,"bio":"Application
|
|
265
|
+
Security @GitHub","website":"https://zhade.dev","location":"","hackerone_triager":false}}},"program":{"data":{"id":"11767","type":"program","attributes":{"handle":"github","created_at":"2016-04-15T17:10:31.261Z","updated_at":"2020-12-18T19:50:20.105Z"}}},"weakness":{"data":{"id":"12","type":"weakness","attributes":{"name":"Array
|
|
266
|
+
Index Underflow","description":"The product uses untrusted input when calculating
|
|
267
|
+
or using an array index, but the product does not validate or incorrectly
|
|
268
|
+
validates the index to ensure the index references a valid position within
|
|
269
|
+
the array.","external_id":"cwe-129","created_at":"2017-01-05T01:51:19.000Z"}}},"bounties":{"data":[]},"custom_field_values":{"data":[]}}}],"links":{}}'
|
|
270
|
+
recorded_at: Tue, 26 Jan 2021 01:59:08 GMT
|
|
271
|
+
recorded_with: VCR 6.0.0
|
data/lib/hackerone/client.rb
CHANGED
|
@@ -84,19 +84,26 @@ module HackerOne
|
|
|
84
84
|
#
|
|
85
85
|
# program: the HackerOne program to search on (configure globally with Hackerone::Client.program=)
|
|
86
86
|
# since (optional): a time bound, don't include reports earlier than +since+. Must be a DateTime object.
|
|
87
|
+
# before (optional): a time bound, don't include reports later than +before+. Must be a DateTime object.
|
|
87
88
|
# state (optional): state that a report is in, by default new
|
|
88
89
|
#
|
|
89
90
|
# returns all open reports or an empty array
|
|
90
|
-
def reports(since: 3.days.ago, state: :new)
|
|
91
|
+
def reports(since: 3.days.ago, before: nil, state: :new)
|
|
91
92
|
raise ArgumentError, "Program cannot be nil" unless program
|
|
92
93
|
raise ArgumentError, "State is invalid" unless REPORT_STATES.include?(state.to_s)
|
|
93
94
|
|
|
94
95
|
response = self.class.hackerone_api_connection.get do |req|
|
|
95
96
|
options = {
|
|
96
97
|
"filter[state][]" => state,
|
|
97
|
-
"filter[program][]" => program
|
|
98
|
-
"filter[created_at__gt]" => since.iso8601
|
|
98
|
+
"filter[program][]" => program
|
|
99
99
|
}
|
|
100
|
+
unless since.nil?
|
|
101
|
+
options["filter[created_at__gt]"] = since.iso8601
|
|
102
|
+
end
|
|
103
|
+
unless before.nil?
|
|
104
|
+
options["filter[created_at__lt]"] = before.iso8601
|
|
105
|
+
end
|
|
106
|
+
|
|
100
107
|
req.url "reports", options
|
|
101
108
|
end
|
|
102
109
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: hackerone-client
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.21.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Neil Matatall
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-02-
|
|
11
|
+
date: 2021-02-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -152,6 +152,7 @@ files:
|
|
|
152
152
|
- fixtures/vcr_cassettes/programs.yml
|
|
153
153
|
- fixtures/vcr_cassettes/report.yml
|
|
154
154
|
- fixtures/vcr_cassettes/report_list.yml
|
|
155
|
+
- fixtures/vcr_cassettes/report_list_before.yml
|
|
155
156
|
- fixtures/vcr_cassettes/report_list_triaged.yml
|
|
156
157
|
- fixtures/vcr_cassettes/reporters.yml
|
|
157
158
|
- fixtures/vcr_cassettes/server_error.yml
|