Scam Alert: gifty.nl — Dependency Confusion Vulnerability
Company / Program: gifty.nl
Platform: Self-Hosted · Severity: high · Scam type: no-payout
Published:
Reported by: detox56
So basically I found there npm org was exposed on a .js file then I claimed it then reported responsibly with actual code execution but they aren't ready to accept the report now they are saying remove the org otherwise they will take legal actions this is not my first report of dependency confusion i received many bounties from companies for this issues so beware don't hunt on this program