Security: spmadden/irox

SECURITY.md

Security

I take security seriously. If you believe that you have found a security vulnerability in any of my repositories that meets CVE.org's definition of "Vulnerability", please report it as described below.

Important

An instance of one or more weaknesses in a Product that can be exploited, causing a negative impact to confidentiality, integrity, or availability; a set of conditions or behaviors that allows the violation of an explicit or implicit security policy.

source

Reporting

PLEASE DO NOT REPORT SECURITY VULNERABILITIES THROUGH PUBLIC GITHUB ISSUES

Instead, please report them to Sean Madden at [email protected]. If possible, encrypt your message with one of my PGP public keys available at https://spm.pub

  • 9BF59DBBF87B6EA003D1B0083C73348B3992BBB9
  • F69F4E002988A5DDF3D37AC1125EF0271E1BFE7E

You should receive a response within 24 hours. If for some reason you do not, please follow up to ensure I received your message.

Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:

  • Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
  • Full paths of source file(s) related to the manifestation of the issue
  • The location of the affected source code (tag/branch/commit or direct URL)
  • Any special configuration required to reproduce the issue
  • Step-by-step instructions to reproduce the issue
  • Proof-of-concept or exploit code (if possible)
  • Impact of the issue, including how an attacker might exploit the issue

This information will help us triage your report more quickly.

There aren’t any published security advisories