Report a Vulnerability

Date: September 27, 2023

To report a security vulnerability, please email our security team at [email protected].

Please include the following information in your report:

Description: A detailed description of the vulnerability, including the affected component or feature.

Steps to Reproduce: Provide step-by-step instructions on how to reproduce the vulnerability.

Impact: Explain the potential impact or risks associated with the vulnerability.

Your Contact Information: Include your name and contact details (email or phone) so that we can get in touch with you regarding the report.

Guidelines

We have a few important guidelines to ensure a responsible and efficient vulnerability disclosure process:

  • Do Not Share Publicly: Please do not disclose the vulnerability publicly until it has been resolved and you have received our confirmation.

  • Do Not Exploit: Do not attempt to exploit the vulnerability beyond what is necessary for your proof of concept.

  • Respect Privacy: Do not access, modify, or delete data that does not belong to you.

What to Expect

  • We will acknowledge the receipt of your report and work to confirm the vulnerability.

  • Our security team will assess the report, determine its severity, and develop a plan for remediation.

  • Once the vulnerability is resolved, we will notify you and provide an opportunity for you to confirm the fix.

Depending on the nature and impact of the vulnerability, you may be eligible for a security researcher recognition or reward, subject to our discretion.

Legal

Uproot is committed to abiding by relevant laws and regulations concerning security vulnerability disclosure. We will not pursue legal action against security researchers who report vulnerabilities responsibly.

Please note that attempting to exploit or disclose vulnerabilities irresponsibly may result in legal action.

Thank you for helping us keep Uproot a secure platform for our users.