bug-bounty473
google371
microsoft318
facebook271
xss267
rce184
apple178
malware177
exploit165
cve122
account-takeover110
bragging-post102
phishing85
csrf85
privilege-escalation83
browser71
supply-chain69
stored-xss65
authentication-bypass64
dos64
react58
reflected-xss57
cloudflare52
reverse-engineering50
access-control48
node48
input-validation48
aws48
cross-site-scripting48
writeup47
docker46
ssrf45
smart-contract45
ethereum44
web-security43
sql-injection43
defi43
web343
oauth41
web-application41
lfi38
info-disclosure37
pentest37
race-condition37
idor35
burp-suite35
auth-bypass35
vulnerability-disclosure34
cloud34
html-injection33
0
8/10
vulnerability
A server-side template injection vulnerability in Handlebars template engine was discovered in the Shopify Return Magic app's email workflow feature, allowing remote code execution through prototype pollution and Object.prototype manipulation to bypass sandbox restrictions and execute arbitrary Node.js code.
template-injection
server-side-template-injection
remote-code-execution
handlebars
javascript-sandbox-escape
prototype-pollution
object-constructor-exploitation
nodejs
shopify-app
bug-bounty
Handlebars
Shopify
Return Magic
HackerOne
H1-514
Synack
TrendMicro
Matias