Node.js Bug Bounty Program Statistics | BugBountyHunter.com

Node.js Program Statistics

18 total issues disclosed

$2,400 total paid publicly

Most disclosed (4 disclosures) — HTTP Request Smuggling

Disclosed Reports

Report Title	Vulnerability Type	Disclosed By	Severity	Disclosed on
HTTP Request Smuggling due to ignoring chunk extensions	HTTP Request Smuggling	mkg	Medium	2021-11-02
HTTP Request Smuggling due to accepting space before colon	HTTP Request Smuggling	mkg	Medium	2021-10-20
Built-in TLS module unexpectedly treats "rejectUnauthorized: undefined" as "rejectUnauthorized: false", disabling all certificate validation	Improper Certificate Validation	pimterry	Low	2021-09-10
OOB read in libuv	Buffer Over-read	ericsesterhenn	Medium	2021-07-05
Node Installer Local Privilege Escalation	Privilege Escalation	deepsurface-robert	Medium	2021-07-01
HTTP Request Smuggling due to CR-to-Hyphen conversion	HTTP Request Smuggling	amitklein	High	2020-10-17
Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests	Denial of Service	shogunpanda	Critical	2020-10-17
Slowloris, body parsing	Denial of Service	underflow0	Low	2020-10-17
`fs.realpath.native` on darwin may cause buffer overflow	Classic Buffer Overflow	ashi009	Medium	2020-10-17
Malformed HTTP/2 SETTINGS frame leads to reachable assert	Denial of Service	jzebor	Critical	2020-07-03
napi_get_value_string_X allow various kinds of memory corruption	Memory Corruption - Generic	tniessen	High	2020-07-02
Node.js: TLS session reuse can lead to hostname verification bypass	Man-in-the-Middle	fwilhelm	High	2020-06-03
HTTP request smuggling using malformed Transfer-Encoding header	HTTP Request Smuggling	erubinson	Critical	2020-03-07
HTTP header values do not have trailing OWS trimmed	Improper Input Validation	alyssawilk	High	2020-02-24
Remotely trigger an assertion on a TLS server with a malformed certificate string	Improper Certificate Validation	rogierschouten	Critical	2020-02-06
Http request splitting	HTTP Response Splitting	arkadiyt	Medium	2020-01-15
Your page has 2 blocking CSS resources. This causes a delay in rendering your page.	Array Index Underflow	joy271	Critical	2018-07-15
registry.nodejs.org Subdomain Takeover	Man-in-the-Middle	dade	No rating	2018-05-04