Reddit Program Statistics



14 total issues disclosed

$21,200 total paid publicly

Most disclosed (2 disclosures) — Business Logic Errors



Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| Image queue default key of 'None' and GraphQL unhandled type exception | Type Confusion | moblig | Medium | 2021-10-27 |
| Outsider can affect Upvote Percentage of private subreddit post by calling /api/vote API | Improper Access Control - Generic | trieulieuf9 | Low | 2021-10-27 |
| Third party app could steal access token as well as protected files using inAppBrowser | Information Disclosure | rahulkankrale | Medium | 2021-10-27 |
| Race condition leads to Inflation of coins when bought via Google Play Store at endpoint https://oauth.reddit.com/api/v2/gold/android/verify_purchase | Time-of-check Time-of-use (TOCTOU) Race Condition | yashrs | Medium | 2021-10-27 |
| Missing rate limit in current password change settings leads to Account takeover | Brute Force | m0hacks | Medium | 2021-10-27 |
| Deleting all DMs on RedditGifts.com | Insecure Direct Object Reference (IDOR) | parasimpaticki | High | 2021-10-21 |
| s3 bucket takeover presented in https://github.com/reddit/rpan-studio/blob/e1782332c75ecb2f774343258ff509788feab7ce/CI/full-build-macos.sh | Business Logic Errors | bhatiagaurav1211 | High | 2021-10-21 |
| GPS metadata preserved when converting HEIF to PNG | Privacy Violation | ianonavy | High | 2021-10-21 |
| Hash-Collision Denial-of-Service Vulnerability in Markdown Parser | Denial of Service | nicolaas | Medium | 2021-10-21 |
| [dubmash] Lack of authorization checks - Update Sound Titles | Improper Authorization | sandeep_rj49 | High | 2021-10-21 |
| IDOR to pay less for coin purchases on oauth.reddit.com via /api/v2/gold/paypal/create_coin_purchase_order in `order_id` parameter | Business Logic Errors | yanouhd | Medium | 2021-10-21 |
| No Rate Limit on redditgifts gift when Adding Comment | Violation of Secure Design Principles | bhatiagaurav1211 | Low | 2021-10-21 |
| Domain Takeover of Reddit.ru via DNS Hijacking | Improper Access Control - Generic | faberge | Medium | 2021-10-21 |
| User Account has been taken out | Weak Cryptography for Passwords | ravitejag | Critical | 2021-10-21 |