Deranged Senators Security Policy

At DerangedSenators, we take the security of our products and services seriously, and this applies to all of our public and private GitHub repositories.

If you believe that you may have uncovered a vulnerability in any of our repositories, please report it directly to us.

Supported Versions

See the SECURITY.md file within the repository for a list of supported versions.

Reporting a Vulnerability

Please do not report vulnerabilities through the public Issue/Discussion pages.

Instead, please contact us directly here.

Please include, in a zip file, the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:

  • Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
  • Full paths of source file(s) related to the manifestation of the issue
  • The location of the affected source code (tag/branch/commit or direct URL)
  • Any special configuration required to reproduce the issue
  • Step-by-step instructions to reproduce the issue
  • Proof-of-concept or exploit code (if possible)
  • Impact of the issue, including how an attacker might exploit the issue

This information will help us triage your report more quickly. Additionally, please encrypt the zip file using our PGP key; this can be downloaded from our PGP Key Page.

Submitting Patches for the Vulnerability

We would appreciate patches submitted with the vulnerability report, as this would help us push a fix sooner. If you have a patch prepared, let us know in your vulnerability report, and we will be in touch.

Policy

DerangedSenators follows the principle of Coordinated Vulnerability Disclosure (CVD).