Aspen


9 total issues disclosed

$0 total paid publicly


Most disclosed (3 disclosures) — None supplied




Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| Session doesn't get expired after changing the password in https://readthedocs.org | None supplied | kalyani64 | No rating | 2017-11-16 |
| Email Spoofing | Violation of Secure Design Principles | abartan | Low | 2017-11-09 |
| Information leakage on django.aspen.io | Information Disclosure | rey_7 | No rating | 2017-09-29 |
| client_secret Token disclosure | None supplied | yumi | No rating | 2017-09-28 |
| No Rate Limit (Leads to huge email flooding/email bombing) | Improper Access Control - Generic | saikiran-10099 | Medium | 2017-09-28 |
| Password reset token leak on third party website via Referer header | Violation of Secure Design Principles | akaash_pantherdefence | Medium | 2017-09-27 |
| Cross-origin resource sharing (CORS) | Improper Access Control - Generic | nn1 | None | 2017-09-27 |
| Server Path Disclosure | None supplied | krazyhack3r | No rating | 2017-09-27 |
| aspen \| clickjacking | UI Redressing (Clickjacking) | punkit | Low | 2017-09-27 |