bug-bounty448
google354
xss341
microsoft283
facebook246
apple171
exploit163
rce160
malware102
account-takeover95
cve91
bragging-post84
csrf83
browser77
writeup76
privilege-escalation68
react60
authentication-bypass57
cloudflare54
dos53
node52
ssrf51
docker51
phishing50
aws48
access-control47
oauth45
smart-contract45
supply-chain44
ethereum43
defi42
web342
sql-injection41
lfi37
idor35
smart-contract-vulnerability32
vulnerability-disclosure32
web-application31
burp-suite31
reverse-engineering31
clickjacking31
race-condition31
info-disclosure31
wordpress30
cloud29
input-validation29
information-disclosure29
web-security27
solidity27
cors26
0
8/10
vulnerability
A server-side template injection vulnerability in Handlebars template engine was discovered in the Shopify Return Magic app's email workflow feature, allowing remote code execution through prototype pollution and Object.prototype manipulation to bypass sandbox restrictions and execute arbitrary Node.js code.
template-injection
server-side-template-injection
remote-code-execution
handlebars
javascript-sandbox-escape
prototype-pollution
object-constructor-exploitation
nodejs
shopify-app
bug-bounty
Handlebars
Shopify
Return Magic
HackerOne
H1-514
Synack
TrendMicro
Matias