Bug Bounties

Judge.me

Powered by: 

Allows bounty splitting: 

Average time to first program response: 25

Average time to bounty awarded: 153

Average time to report resolved: 

Handle judgeme

Managed program: true

Name: Judge.me

Offers bounties: true

Offers swag: true

Response efficiency percentage: 94

Submission state: open

Url: https://hackerone.com/judgeme

Website: https://judge.me

In scope:

  • Asset identifier: https://bigcommerce-adapter.judge.me/
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: This is a simple, lightweight server, basically just to connect BigCommerce websites to our main asset https://judge.me/. Its entry point is from installing our BigCommerce app: https://www.bigcommerce.com/apps/product-reviews-by-judge-me/
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: https://cache.judge.me/
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: This is a simple Node.js server, using the Hapi framework. It's basically to store and cache our public widgets' HTML content, so that when end users want to fetch our widget content, they can fetch from this server directly, which is faster and more resilient to spikes in the number of requests. Please see our [help desk article](https://support.judge.me/support/solutions/articles/44001816387-how-to-make-requests-to-the-judge-me-cache-server) on how to enable and use this server.
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: https://judge.me/
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: This is the core part of our system. It hosts our main app [Judge.me Product Reviews](https://apps.shopify.com/judgeme) and is also the central point of communication for other assets.
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: https://judge.me/reviews
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: This is our new product. It is user (reviewer) facing, unlike the other assets, which are merchant facing. Its entry point is https://judge.me/reviews, and its pages are prefixed with https://judge.me/reviews.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: https://shop.judge.me/
  • Asset type: URL
  • Availability requirement: medium
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: This is lightweight, basically just to connect our other Shopify apps to our main asset https://judge.me/. Its entry point is https://shop.judge.me/login?app_key=ali_reviews or https://apps.shopify.com/aliexpress-review-importer
  • Integrity requirements: medium
  • Max severity: critical



  • Asset identifier: https://woocommerce-adapter.judge.me/
  • Asset type: URL
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: This is a simple, lightweight server, basically just to connect WordPress websites (specifically WooCommerce websites) to our main asset https://judge.me/. Its entry point is from installing our WordPress plugin: https://wordpress.org/plugins/judgeme-product-reviews-woocommerce/
  • Integrity requirements: high
  • Max severity: critical