Dark C0d3rs
HackerOne Disclosed Reports - 2026-03-30 - Printable Version

+- Dark C0d3rs (https://darkcoders.wiki)
+-- Forum: Exploit Log (https://darkcoders.wiki/Forum-Exploit-Log)
+--- Forum: Research Papers/Vulnerability reports (https://darkcoders.wiki/Forum-Research-Papers-Vulnerability-reports)
+--- Thread: HackerOne Disclosed Reports - 2026-03-30 (/Thread-HackerOne-Disclosed-Reports-2026-03-30)

HackerOne disclosed reports - 2026-03-30 - hashXploiter - 03-31-2026

Logo
High
resolved

SSRF Filter Bypass via Unblocked NAT64 Local-Use IPv6 Prefix (64:ff9b:1::/48)


Bug reported by tipsen was disclosed at March 31, 2026, 2:31 am   |   Server-Side Request Forgery (SSRF)

A vulnerability was discovered in the `ssrf_filter` library version 1.3.0. The library failed to block the NAT64 local-use IPv6 prefix `64:ff9b:1::/48`, allowing such addresses to be treated as public. This enabled SSRF requests through `/fetch` to targets encoded under that prefix when routable in the deployment environment.


Logo
Medium
resolved

Path Traversal in writeFile via Unsafe Prefix Containment Check Allows Out-of-Directory Writes


Bug reported by tipsen was disclosed at March 31, 2026, 2:04 am   |   Path Traversal

A path traversal vulnerability was discovered in the `protodump` tool. The vulnerability allowed an attacker to influence the output filename construction and bypass the containment check, enabling writes outside the intended output directory. The vulnerability was caused by the use of descriptor-controlled paths in the output filename construction, along with an unsafe lexical prefix check for directory containment. This issue has been identified in the `protodump` tool.


Logo
Medium
resolved

HashDoS in V8


Bug reported by Mate Marjanović was disclosed at March 30, 2026, 4:44 pm   |   Cryptographic Issues - Generic


Logo
Low
resolved

Permission Model Bypass in realpathSync.native Allows File Existence Disclosure


Bug reported by Huseyin Tintas was disclosed at March 30, 2026, 4:44 pm   |   Information Disclosure


Logo
Medium
resolved

Timing side-channel in HMAC verification via memcmp() in crypto_hmac.cc leads to potential MAC forgery


Bug reported by George Gherasim was disclosed at March 30, 2026, 4:42 pm   |   Cryptographic Issues - Generic


Logo
Medium
resolved

Node.js Permission Model bypass: UDS server bind/listen works without `--allow-net`


Bug reported by XavLimSG was disclosed at March 30, 2026, 4:42 pm   |   Improper Access Control - Generic


Logo
High
resolved

Denial of Service via `__proto__` header name in `req.headersDistinct` (Uncaught `TypeError` crashes Node.js process)


Bug reported by 陳昱昇 was disclosed at March 30, 2026, 4:42 pm   |   Uncontrolled Resource Consumption


Logo
Low
resolved

CVE-2024-36137 Patch Bypass - FileHandle.chmod/chown


Bug reported by wooseok was disclosed at March 30, 2026, 4:42 pm   |   Improper Access Control - Generic


Logo
Medium
resolved

Memory leak in Node.js HTTP/2 server via WINDOW_UPDATE on stream 0 leads to resource exhaustion


Bug reported by Gal Bar Nahum was disclosed at March 30, 2026, 4:41 pm   |   Missing Release of Memory after Effective Lifetime