We take security issues within Labrador very seriously. If you have found a credible attack that originates from Labrador packages, PLEASE report the appropriate details to [email protected]. The emails sent to this address adhere to the same rule described in "Who receives the Report" in Reporting.
If you would like to go a step beyond to ensure prompt resolution of your ticket, the following would be extremely beneficial:
- Create a private GitHub repository with the vulnerable Labrador package, including:
  - EXPLOIT.md: a file that describes what the exploit is, how it is carried out, and why it should be considered a vulnerability.
  - exploit/: any source code that could be used to verify the exploit.