BrowserStack Community take all security vulnerabilities seriously. Thank you for improving the security of our open source software. We appreciate your efforts and responsible disclosure. We will make every effort to acknowledge your contributions.

Please do NOT raise a GitHub Issue to report a security vulnerability. If you believe you have found a security vulnerability, report it by emailing the BrowserStack security team at:

security@browserstack.com

Please include as much of the information listed below as you can to help us better understand and resolve the issue:

• The type of issue (e.g., buffer overflow, SQL injection, or cross-site scripting)
• Full paths of source file(s) related to the manifestation of the issue
• Any special configuration required to reproduce the issue
• Step-by-step instructions to reproduce the issue
• Proof-of-concept or exploit code (if possible)
• Impact of the issue, including how an attacker might exploit the issue

This information will help us triage your report more quickly.

• Do not take advantage of the vulnerability or problem you have discovered.
• Do not reveal the problem to others until it has been resolved.
• Do not use other channels or contact project contributors directly.

When the security team receives a security bug report, they will assign it to the concerned team. This team will coordinate the fix and release process, involving the following steps:

• Confirm the problem and determine the affected versions.
• Audit code to find any potential similar problems.
• These fixes will be released as fast as possible.

Vulnerabilities found in this software are not eligible for any kind of bounty rewards and BrowserStack will not be responsible for issuing any CVE for the found security issue.