DexMach takes security of our services and products seriously. If you believe you have found a security vulnerability in any DexMach owned repository or product, please report it as described below.
** Please do not report security vulnerabilities through public GitHub issues.**
Instead, please send an email to secure@dexmach.com.
You should receive a response within 24 hours!
Please include the requested information listed below to help us better understand the nature and scope of the security issue:
- Type of issue (eg: authentication, authorization, ...)
- Current behaviour
- Expected behaviour
- steps to reproduce the issue
- Impact of the issue, including how one might exploit the issue
We prefer all communication in English, Dutch or French
Every vulnerability is rated with one of the following security levels:
- critical
- high
- moderate
- low
Any critical security issue requires an immediate fix. An issue is critical if it is technically a high security issues that is known to be currently exploited or would put a high number of users at severe risk if being exploited
An issue is marked as high if it is exploitable and would lead to compromise of user data.
These issues are generally not as severe as high security issues because they require user interaction or require other additional circumstances/vulnerabilities to be exploitable.
These issues have security implications but don’t have any (known) exploit path or the exploit requires excessive resources, or is very limited in scope, or leaks insensitive information.