I take security bugs in code seriously. I appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.
If you believe you have found a security vulnerability in any this repository please report it to me as described below.
Please do not report security vulnerabilities through public GitHub issues.
Instead, to report a security issue, please use the GitHub Security Advisory "Report a Vulnerability" form.
You should receive a response within 48 hours. If, for some reason, you do not please feel free to follow up via email to ensure I received your report.
Where possible please include the requested information listed below to help me better understand the nature and scope of the possible issue:
-
Step-by-step instructions to reproduce the issue
-
Proof-of-concept or exploit code (if possible)
-
Full paths of source file(s) related to the issue
-
The location of the affected source code (tag/branch/commit or direct URL)
-
Any special configuration required to reproduce the issue
-
Impact of the issue, including how an attacker might exploit the issue
-
This information will help me triage your report more quickly.