RCE due to Dependency Confusion — $5000 bounty!

Chevon Phillip
May 10, 2023

Hey everyone! I’m back with another cool write-up about a bug bounty report I submitted to a private program on HackerOne. Guess what? I got a $5,000 reward and they took care of it in just 30 minutes!

I won’t go into the nitty-gritty of dependency confusion since there are plenty of awesome write-ups out there that cover it.

Chevon Phillip

Application Security Engineer. I helped secure top companies and organizations.