All security issues will be prioritized by severity: critical, high, medium, low, or informational. Each severity level has its own timeline for corrective action plans and remediation deadlines, as described in the Threat and Vulnerability Management Policy.
If you believe you have found a security vulnerability in any Unqork-owned repository, please report it to the Unqork Product Security team by emailing [email protected].
Please include as much of the information listed below as you can to help us better understand and resolve the issue:
- The type of issue (e.g., buffer overflow, SQL injection, or cross-site scripting)
- Full paths of source file(s) related to the manifestation of the issue
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Any potential impact of the issue, including how an attacker might exploit it
This information will help us triage the report more quickly.
Please do not report security vulnerabilities through public forums, issues, discussions, or pull requests.