Reddit


14 total issues disclosed

$21,200 total paid publicly


Most disclosed (2 disclosures) — Business Logic Errors


Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
| --- | --- | --- | --- | --- |
| Image queue default key of 'None' and GraphQL unhandled type exception | Type Confusion | moblig | Medium | 2021-10-27 |
| Outsider can affect Upvote Percentage of private subreddit post by calling /api/vote API | Improper Access Control - Generic | trieulieuf9 | Low | 2021-10-27 |
| Third party app could steal access token as well as protected files using inAppBrowser | Information Disclosure | rahulkankrale | Medium | 2021-10-27 |
| Race condition leads to Inflation of coins when bought via Google Play Store at endpoint https://oauth.reddit.com/api/v2/gold/android/verify_purchase | Time-of-check Time-of-use (TOCTOU) Race Condition | yashrs | Medium | 2021-10-27 |
| Missing rate limit in current password change settings leads to Account takeover | Brute Force | m0hacks | Medium | 2021-10-27 |
| Deleting all DMs on RedditGifts.com | Insecure Direct Object Reference (IDOR) | parasimpaticki | High | 2021-10-21 |
| s3 bucket takeover presented in https://github.com/reddit/rpan-studio/blob/e1782332c75ecb2f774343258ff509788feab7ce/CI/full-build-macos.sh | Business Logic Errors | bhatiagaurav1211 | High | 2021-10-21 |
| GPS metadata preserved when converting HEIF to PNG | Privacy Violation | ianonavy | High | 2021-10-21 |
| Hash-Collision Denial-of-Service Vulnerability in Markdown Parser | Denial of Service | nicolaas | Medium | 2021-10-21 |
| [dubmash] Lack of authorization checks - Update Sound Titles | Improper Authorization | sandeep_rj49 | High | 2021-10-21 |
| IDOR to pay less for coin purchases on oauth.reddit.com via /api/v2/gold/paypal/create_coin_purchase_order in `order_id` parameter | Business Logic Errors | yanouhd | Medium | 2021-10-21 |
| No Rate Limit on redditgifts gift when Adding Comment | Violation of Secure Design Principles | bhatiagaurav1211 | Low | 2021-10-21 |
| Domain Takeover of Reddit.ru via DNS Hijacking | Improper Access Control - Generic | faberge | Medium | 2021-10-21 |
| User Account has been taken out | Weak Cryptography for Passwords | ravitejag | Critical | 2021-10-21 |