LY Corporation Program Statistics


24 total issues disclosed

$108,177 total paid publicly

Most disclosed (5 disclosures) — Improper Access Control - Generic



Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| DoS of LINE client for Android via message containing multiple unicode characters (0x0e & 0x0f) | Denial of Service | lynx_vn | Medium | 2021-09-24 |
| Webview address bar spoofing in LINE client for iOS | Phishing | reinforchu | Low | 2021-09-15 |
| Theft of arbitrary files in LINE Lite client for Android | Improper Access Control - Generic | hulkvision_ | Medium | 2021-07-06 |
| Arbitrary Code Execution via npm misconfiguration – installing internal libraries from the public registry | Code Injection | alexbirsan | Critical | 2021-07-05 |
| Webview in LINE client for iOS will render application/octet-stream files as HTML | Improper Access Control - Generic | s5s | Medium | 2021-07-05 |
| Path traversal in ZIP extract routine on LINE Android | Path Traversal | kanytu | Medium | 2020-11-17 |
| Improper Access Control in LINE Timeline API that returns a list of hidden friends | Improper Access Control - Generic | 66ed3gs | Medium | 2020-11-17 |
| CORS misconfiguration leads to users information disclosure at https://studyroom.line.me | Information Disclosure | dhbd88 | Medium | 2020-11-13 |
| Spring Actuator endpoints publicly available and broken authentication | Misconfiguration | kazan71p | Critical | 2020-08-06 |
| Spring Actuator endpoints publicly available and broken authentication | Misconfiguration | kazan71p | Critical | 2020-08-06 |
| Spring Actuator endpoints publicly available, leading to account takeover | Misconfiguration | kazan71p | Critical | 2020-08-04 |
| Insufficient access control on all BCRM instances leading to the ability to create admin accounts using the API | Improper Access Control - Generic | j0eii | High | 2020-08-03 |
| Insufficient access control on all BCRM instances leading to the ability to create admin accounts using the API | Improper Access Control - Generic | j0eii | High | 2020-08-03 |
| Get-based SSRF limited to HTTP protocol on https://resizer.line-apps.com/form | Server-Side Request Forgery (SSRF) | ledz1996 | Medium | 2020-08-02 |
| Path traversal in filename in LINE Mac client | Path Traversal | hackerontwowheels | High | 2020-07-31 |
| Request smuggling on admin-official.line.me could lead to account takeover | HTTP Request Smuggling | shaolin_tw | High | 2020-05-19 |
| Request smuggling on admin-official.line.me could lead to account takeover | HTTP Request Smuggling | shaolin_tw | High | 2020-05-19 |
| Request smuggling on admin-official.line.me could lead to account takeover | HTTP Request Smuggling | shaolin_tw | High | 2020-05-19 |
| Reflected XSS in OAUTH2 login flow | Cross-site Scripting (XSS) - Reflected | derision | Medium | 2020-04-21 |
| Reflected XSS in OAUTH2 login flow | Cross-site Scripting (XSS) - Reflected | derision | Medium | 2020-04-21 |
| Able to Become Admin for Any LINE Official Account | Privilege Escalation | ngalog | Critical | 2020-03-25 |
| Able to Become Admin for Any LINE Official Account | Privilege Escalation | ngalog | Critical | 2020-03-25 |
| SSRF on music.line.me through getXML.php | Server-Side Request Forgery (SSRF) | hahwul | High | 2020-03-25 |
| DOM-based XSS on mobile.line.me | Cross-site Scripting (XSS) - DOM | zophi | High | 2020-03-25 |