DuckDuckGo


reports in last 90 days

8

disclosed resolved issues

0

disclosed informative issues

0

disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

| Severity | Bug Title | Bug Type | Found By | Report Info | Report Status |
|---|---|---|---|---|---|
| High | Partial bypass of #483774 with Blind XXE on https://duckduckgo.com | XML External Entities (XXE) | mik317 | Issue was not triaged; Time to close: 1 Days and 21 hours | Resolved |
| Critical | XXE on https://duckduckgo.com | XML External Entities (XXE) | mik317 | Time to triage: 0 Days and 0 hours; Time to close: 0 Days and 12 hours | Resolved |
| Critical | XXE on https://duckduckgo.com | XML External Entities (XXE) | mik317 | Time to triage: 0 Days and 0 hours; Time to close: 0 Days and 12 hours | Resolved |
| High | DOM XSS on 50x.html page on proxy.duckduckgo.com | Cross-site Scripting (XSS) - DOM | smither | Time to triage: 12 Days and 23 hours; Time to close: 0 Days and 0 hours | Resolved |
| Critical | SSRF vulnerability on proxy.duckduckgo.com (access to metadata server on AWS) | None supplied | cujanovic | Time to triage: 0 Days and 21 hours; Time to close: 0 Days and 9 hours | Resolved |
| High | SSRF on duckduckgo.com/iu/ | Server-Side Request Forgery (SSRF) | d0nut | Time to triage: 0 Days and 7 hours; Time to close: 1 Days and 14 hours | Resolved |
| High | DOM XSS on 50x.html page | Cross-site Scripting (XSS) - DOM | cujanovic | Time to triage: 22 Days and 6 hours; Time to close: 19 Days and 19 hours | Resolved |
| High | SSRF in proxy.duckduckgo.com via the image_host parameter | Server-Side Request Forgery (SSRF) | fpatrik | Time to triage: 1 Days and 0 hours; Time to close: 3 Days and 23 hours | Resolved |