
Security: upryzing/lavender

.github/SECURITY.md

Security

What To Report

Before reporting a vulnerability, make sure it meets these guidelines.

Do report if:

  • The vulnerability allows external individuals to remotely gain access to the server.
    • Example: Privilege escalation, downloading user data.
  • The vulnerability results in severe client-side exploits.
    • Example: Remote code execution.

Don't report if:

  • The vulnerability relies on physical access to a given machine.
  • The vulnerability relies on phishing or pharming attacks.

Disclosing

When disclosing a security vulnerability, you can send it to us via these methods:

  • Email us at (TODO: ADD EMAIL (LEA GET OFF DESTINY))
  • Write up a security advisory on the relevant repository
  • Directly message a relevant developer

Additionally, provide us with the following information:

  • The type of security vulnerability it falls under
  • The severity of the vulnerability
  • Replication steps
  • (Optionally) A program or config that automatically replicates the problem.
