Immediately stop using the program if you believe that a major security issue has been found. This is the first vital step to protect yourself until the vulnerability has been patched.
I can provide security patches only for code committed to the master branch that has been made available in the Releases section of the repository. This includes commits that have been tagged and flagged as a release, where the vulnerability affects, and continues to affect, downstream.
Please do not open a public issue with a security vulnerability report. Instead, send me a Discord message directly at: saber7ooth#7527 with your report.
You will need to include:
- Your Host Operating System specifications
- The commit / tag number of the product which you are using
- A PoC in the form of a video that demonstrates the security issue with the product being run in Debug configuration.
- If the bug is produced by moving the build configuration to release, you must state this difference in your report.
TIP: Use the PDB debugging symbols provided with the debug configuration package. If you are able to provide a verbose stack trace, this helps me out a lot.
Do not submit a PoC (proof of concept) in the form of executable files. I will not accept these. A private YouTube video is more than enough to share with me what's going on.
You can choose to remain anonymous in your report of a vulnerability. If you do not ask to remain anonymous, your GitHub and/or Discord username will be mentioned in the commit that patches the issue to give you credit.