Shopify-scripts


Most disclosed vulnerability type (80 disclosures) — Denial of Service

ston3 has disclosed the most with 27 reports!

157 total issues disclosed

$445,600 total paid publicly


Accepts reports via HackerOne

Most recently disclosed


heap-use-after-free in OP_RESCUE

Submitted by ahihi
Bug Type: Use After Free

Disclosed on 2018-01-17

Rating: No rating


heap-buffer-overflow in OP_R_BREAK

Submitted by ahihi
Bug Type: Heap Overflow

Disclosed on 2018-01-17

Rating: None


SEGV on ary_concat

Submitted by ahihi
Bug Type: Memory Corruption - Generic

Disclosed on 2018-01-17

Rating: No rating


mruby heredoc notation

Submitted by j0s3
Bug Type: Denial of Service

Disclosed on 2018-01-11

Rating: No rating


Invalid read leading to a segfault

Submitted by dgaletic
Bug Type: Out-of-bounds Read

Disclosed on 2017-12-28

Rating: Low


Clearing, Shifting and Pop Value from Frozen Array

Submitted by an0n-j
Bug Type: Violation of Secure Design Principles

Disclosed on 2017-08-30

Rating: None


Use after free in mruby-mpdecimal

Submitted by haquaman
Bug Type: Use After Free

Disclosed on 2017-07-06

Rating: No rating


Null pointer dereference with send/method_missing

Submitted by titanous
Bug Type: NULL Pointer Dereference

Disclosed on 2017-06-23

Rating: No rating


Invalid Pointer reference in L_RESCUE

Submitted by locator
Bug Type: Denial of Service

Disclosed on 2017-06-02

Rating: No rating


OP_SCALL in LHS of a OP_ASGN resulting in arbitrary memory write

Submitted by avisaven
Bug Type: Write-what-where Condition

Disclosed on 2017-05-30

Rating: Critical


Heap Overflow in fiber_switch triggered from Fiber.transfer

Submitted by avisaven
Bug Type: Heap Overflow

Disclosed on 2017-05-30

Rating: High


heap-use-after-free in mrb_vm_exec - vm.c:1247

Submitted by ilsani
Bug Type: Memory Corruption - Generic

Disclosed on 2017-05-21

Rating: Medium


SIGSEGV in mrb_class

Submitted by ston3
Bug Type: NULL Pointer Dereference

Disclosed on 2017-05-13

Rating: No rating


Crash in ary_concat()

Submitted by mg36
Bug Type: None supplied

Disclosed on 2017-05-13

Rating: No rating


SIGSEGV in mrb_vm_exec

Submitted by ston3
Bug Type: NULL Pointer Dereference

Disclosed on 2017-05-13

Rating: No rating