Curve Program Statistics
2 total issues disclosed
$2,500 total paid publicly
Most disclosed (1 disclosures) — Business Logic Errors
Disclosed Reports
Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
---|---|---|---|---|
Sensitive Info Leak - An Attacker Can Retrieve All the Users Mobile Numbers at https://website-api.production.curve.app/api/waitlist/us | Cleartext Transmission of Sensitive Information | praseudo7 | Medium | 2020-10-23 |
Business Logic Flaw - A non premium user can change/update retailers to get cashback on all the retailers associated with Curve | Business Logic Errors | praseudo7 | Medium | 2020-07-24 |