Security: Framed-App/framed

SECURITY.md

If you have found a security vulnerability in Framed, please do not open an issue on GitHub. Instead, send an email to email.

Please include the following in your report:

  • Description of the vulnerability
  • Steps to reproduce the vulnerability
  • Proof of exploitability (such as a screenshot or video)
  • Impact
  • CVSSv3 Score
  • Proof of Concept
  • Browser, OS, and, if applicable, app version used during testing
  • IP Address(es) from which testing was done (if testing the Framed web services)

Important: Do not run automated scans against the Framed website or API. Doing so may result in your IP address being blocked.

Do not report any of the following:

  • Self XSS
  • Missing cookie flags
  • SSL/TLS Best Practices
  • Login/Logout/Unauthenticated CSRF
  • Incomplete/Missing SPF/DKIM
  • Clickjacking
  • Known vulnerabilities in libraries without proof of concept
  • Vulnerabilities that do not affect the latest version of Framed

Do not publicly disclose any details regarding a vulnerability until it has been fixed.

There aren’t any published security advisories