Skip to content

Security: blee0/juice-shop

Security

SECURITY.md

Security Policy

OWASP Juice Shop is an intentionally vulnerable web application, but we still do not want to be suprised by zero day vulnerabilities which are not part of our hacking challenges. We are following the proposed Internet standard https://securitytxt.org so you can find our "security" policy in any running instance of the application at the expected location described in https://tools.ietf.org/html/draft-foudil-securitytxt-06. Finding it is actually one of our hacking challenges!

Supported Versions

We provide security patches for the latest released minor version.

Version Supported
12.3.x
<12.3

Reporting a Vulnerability

For vulnerabilities which are not part of any hacking challenge please contact bjoern.kimminich@owasp.org. In all other cases please contact our shop's "security team" at the address mentioned in our security.txt file.

Instead of fixing reported vulnerabilities we might turn them into hacking challenges! You might receive a reward for reporting a vulnerability that makes it into one of our challenges!

There aren’t any published security advisories