bug-bounty622
facebook464
xss316
google151
rce105
microsoft97
apple65
csrf61
account-takeover54
web354
writeup51
exploit42
sqli41
cve37
ssrf35
cloudflare33
dos33
malware29
privilege-escalation29
defi28
smart-contract-vulnerability25
idor24
subdomain-takeover24
ethereum23
smart-contract23
clickjacking23
access-control21
node21
vulnerability-disclosure21
browser20
auth-bypass20
lfi19
aws19
remote-code-execution18
react17
cloud17
reverse-engineering16
cors16
docker16
oauth15
info-disclosure15
race-condition15
solidity14
authentication-bypass14
supply-chain13
phishing13
wordpress12
denial-of-service11
sql-injection11
delegatecall11
0
vulnerability
A researcher discovered a Server-Side Request Forgery (SSRF) vulnerability in Google Sites' Caja server that allowed fetching arbitrary resources from Google's internal Borg cluster management network, exposing sensitive information about internal infrastructure including job details, system users, and resource allocation. The vulnerability was reported to Google's VRP and patched within 48 hours.
ssrf
server-side-request-forgery
xss
cross-site-scripting
google-caja
google-sites
internal-network
borg
cluster-management
information-disclosure
vulnerability-disclosure
google-app-engine
private-ip
borglet
kubernetes
container-security
gvisor
Google
Google Sites
Google Caja
Google App Engine
Borg
Kubernetes
Gvisor
Google VRP
MapReduce
BitTable
Flume
GFS