We are most interested in the following classes of vulnerability
The following is considered out of scope and will not receive a bounty
GNU Wget project maintainers will determine whether a reported issue is considered a security vulnerability and give it a security rating of Low, Moderate, High, or Critical based on its ease of exploitation, resulting attacker control, and commonality of required configuration.
The BountyGraph Panel will have final say on the amount paid out for the vulnerability, but will base this decision on GNU Wget’s final assessment of the bug.
Only commonly used versions of GNU Wget are eligible for bounty submissions and only if the issue isn't already fixed in the latest source codes. So please ensure your exploit is still present in recent versions (better: latest sources from master branch) when you submit your bounty.
Please remember that not all submissions will qualify for a bounty. Generally only the first valid report of a particular bug will be accepted, and the final decision of the bounty reward is at the discretion of the Panel.
Bounties are paid to hackers and project maintainers at the discretion of the funding organizations and the BountyGraph team. To be eligible for a bounty, each submission must meet BountyGraph's report guidelines.