Back to directory

WRITEUP #1206

Dependabot Confusion: Gaining Access to Private GitHub Repositories using Dependabot

OtherDependency confusion

byGiraffe Security

Bounty

2,500

Program

GitHub

Published

May 6, 2023

Added to HackDex

May 8, 2023

Read Full Writeuphttps://giraffesecurity.dev/posts/dependabot-confusion/

▸ RELATED WRITEUPS

[2,500$ Bug Bounty Write-Up] Remote Code Execution (RCE) via unclaimed Node package

RCEDependency confusion

Data Theft in Salesforce: Manipulating Public Links

OtherSOQL injection

When Certificates Fail: A Story of Bypassed MFA in Remote Access

Other2FA / MFA bypass

SSTI in Bug Bounty Program: The Time I Played with Handlebars and Broke Stuff

Ghost In The Ppl Part 1: Byovdll

OtherUse-After-Free

Built with ❤️ by Shubham Rawat