If you believe you have found a security vulnerability in any Nethermind-owned repository that meets CVE's definition of a security vulnerability, please report it to us as described below. We ask you to please not publicly disclose any details of the vulnerability until we have had an opportunity to investigate and address it.
Please do not report security vulnerabilities through public GitHub issues.
Instead, please use GitHub's report vulnerability tool to create a draft advisory. Please include as much of the information listed below as you can, to help us better understand the nature and scope of the possible issue:
- Type of issue.
- Source files affected by the issue.
- Location of source code (tag/branch/commit or direct URL).
- Step-by-step instructions to reproduce the issue and any additional configuration that might be needed.
- Severity of the issue.
Alternatively, please email [email protected]. If you report by email, please also specify the affected repository.
We will try to respond to your email as soon as possible. If you have not received an answer after a couple of days, please follow up via email to ensure we received your original message.
We will release fixes for verified security vulnerabilities. We expect to publish vulnerabilities using GitHub security advisories.