
SECURITY.md


Decentproof Security.md

Thanks for visiting. This small file outlines what to do if you have found an exploit / vulnerability.

How to report a vulnerability?

You can either use the issue template for security-related issues (which will open a private issue), or send an e-mail to <flajt[at]protonmail[dot]com> (use something like "Decentproof App/Backend Vulnerability Report", so I can figure out what it is).

What to include?

  • App Version
  • A short description of the vulnerability (what does it do, what do I need to exploit it etc.)
  • The possible damage that can be inflicted
  • A step by step guide on how to exploit / trigger it
  • If you can set up an easy-to-use repository, that would be cool, but it is not required
  • If possible a way to fix / resolve it

You can also check out this guide by OWASP for what to include in your disclosure.

What happens now?

I will try to respond within 48 hours; from there we can discuss additional steps.

Please don't share this vulnerability with third parties for the time being, until a proper fix has been implemented.

I will try to fix the issue ASAP. In the process I might reach out with questions.

Important

I can't and will not pay you money if you claim to have found an exploit and want to share it only after a payment. Please save your time and mine in this case; I appreciate it.

Afterwards

  • If you want, I will add you to the README (if there is no section for it yet, I will create it)
  • I will thank you, if I didn't do that before
  • Feel free to publish it in any way you want (depending on the severity of the issue, I will request a small wait time so users have time to download the patches)

Something missing?

If you think something is not listed here but should be added, feel free to add it to your issue / e-mail, or open a discussion / issue to improve this file.