It's vulnerable. Try to find out how.
You can launch this exercise using Docker.
Run the following commands to get the source code and launch the application (one port will be exposed):
git clone ...
cd .
docker build -t .
docker run ...
You should also create a .env file in the following format:
SECRET_KEY=<your-key>
FLAG="YELLOW{alw@y$_r3m0v3_d0cvm3n7@710n_1n_pr0d}"
ALWAYS_VALID_TOKEN=<generated-jwt-token-with-SECRET_KEY-that-is-always-valid>
ADMIN_EMAIL=admin@yellow.ctf
ADMIN_PASSWORD=Verylongpasswordtoadministratoraccount777
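
One way to produce the SECRET_KEY and ALWAYS_VALID_TOKEN values for the .env file, as an added example that is not part of the exercise's own code. Assumptions: the application verifies HS256 tokens, treats a token with no exp claim as never expiring, and identifies the user by a sub claim; make_token and verify_token are names chosen here.

```python
import base64
import hashlib
import hmac
import json


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding JWT segments use."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(secret_key: str, signing_input: str) -> bytes:
    return hmac.new(secret_key.encode(), signing_input.encode(), hashlib.sha256).digest()


def make_token(secret_key: str, claims: dict) -> str:
    """Build an HS256 JWT. With no 'exp' claim it carries no expiry (assumption:
    the application accepts such tokens as always valid)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    return f"{signing_input}.{b64url(_sign(secret_key, signing_input))}"


def verify_token(secret_key: str, token: str) -> dict:
    """Check the token before putting it in .env; raises ValueError if it is bad."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = _sign(secret_key, f"{header_b64}.{payload_b64}")
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(payload_b64))


if __name__ == "__main__":
    import secrets

    key = secrets.token_urlsafe(32)  # fresh random key for SECRET_KEY
    # 'sub' as the claim name is an assumption; the email is the one from .env.
    token = make_token(key, {"sub": "admin@yellow.ctf"})
    verify_token(key, token)
    print(f"SECRET_KEY={key}")
    print(f"ALWAYS_VALID_TOKEN={token}")
```

If the application expects different claim names or another algorithm, adjust the claims dictionary and header to match its code.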