Scam Alert: Yatra.com — Yatra Bug Ignored
Company / Program: Yatra.com
Platform: Self-Hosted · Severity: critical · Scam type: ignored
Published:
Reported by: Unknown
bugs
IDOR,Race Condition, Business Logic Bugs,Rate Limiting, Cors
details
Earlier this year, I began reporting security vulnerabilities in Yatra through its responsible disclosure program.
My initial submissions included a rejected report and a CORS-related issue that was classified as an internal finding.
Despite providing additional clarification, I received little feedback. I continued testing and discovered several other vulnerabilities, including IDOR, Race Condition, Business Logic, and Rate Limiting issues.
After submitting detailed reports, months passed without meaningful responses, even after multiple follow-ups.
Recently, I revisited the affected functionality and found that the vulnerabilities I had reported were no longer reproducible. The previously vulnerable endpoints and workflows had been fixed, indicating that the reported issues were ultimately remediated after disclosure.