Before reporting a vulnerability, ensure that it meets these guidelines.
Do report if:
- The vulnerability allows external individuals to remotely gain access to the server.
  - Example: Privilege escalation, downloading user data.
- The vulnerability results in severe client-side exploits.
  - Example: Remote code execution.
Don't report if:
- The vulnerability relies on physical access to a given machine.
- The vulnerability relies on phishing or pharming attacks.
When disclosing a security vulnerability, you can send it to us via these methods:
- Email us at (TODO: ADD EMAIL (LEA GET OFF DESTINY))
- Write up a security advisory on the relevant repository
- Directly message a relevant developer
Additionally, provide us with the following information:
- The type of security vulnerability it falls under
- The severity of the vulnerability
- Replication steps
- (Optionally) A program or config that automatically replicates the problem.