Aspen


reports in last 90 days

2

disclosed resolved issues

2

disclosed informative issues

4

disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

| Rating | Bug Title | Bug Type | Found By | Report Info | Report Status |
| --- | --- | --- | --- | --- | --- |
| No rating | Session doesn't get expired after changing the password in https://readthedocs.org | None supplied | kalyani64 | Issue was not triaged; Time to close: 0 Days and 0 hours | Informative |
| Low | Email Spoofing | Violation of Secure Design Principles | abartan | Issue was not triaged; Time to close: 371 Days and 12 hours | Spam |
| Medium | No Rate Limit (Leads to huge email flooding/email bombing) | Improper Access Control - Generic | saikiran-10099 | Issue was not triaged; Time to close: 0 Days and 11 hours | Not-applicable |
| No rating | client_secret Token disclosure | None supplied | yumi | Time to triage: 0 Days and 0 hours; Time to close: 0 Days and 0 hours | Resolved |
| No rating | Information leakage on django.aspen.io | Information Disclosure | rey_7 | Issue was not triaged; Time to close: 0 Days and 1 hours | Not-applicable |
| Low | aspen \| clickjacking | UI Redressing (Clickjacking) | punkit | Issue was not triaged; Time to close: 0 Days and 0 hours | Not-applicable |
| No rating | Server Path Disclosure | None supplied | krazyhack3r | Issue was not triaged; Time to close: 0 Days and 0 hours | Informative |
| None | Cross-origin resource sharing (CORS) | Improper Access Control - Generic | nn1 | Issue was not triaged; Time to close: 0 Days and 0 hours | Not-applicable |
| Medium | Password reset token leak on third party website via Referer header | Violation of Secure Design Principles | akaash_pantherdefence | Time to triage: 0 Days and 0 hours; Time to close: 0 Days and 3 hours | Resolved |