We strongly recommend always using the latest version of the Storm Framework to ensure all the latest security patches are installed.
As a Storm Framework developer, I greatly appreciate the contributions of the security research community. If you discover a security vulnerability in our core engine, modules, or installation scripts:
- DON'T open a public GitHub Issue to report a security bug.
- Send reports privately via encrypted email:
  - E-mail: elzyproot@protonmail.com
  - Subject: [VULNERABILITY REPORT] Storm-Framework
To expedite the verification process, please include:
- Detailed description of the security vulnerability.
- Steps to reproduce the vulnerability (Proof of Concept).
- Potential impacts (e.g., RCE, LFI, Authentication Bypass).
- Suggestions for improvement (if any).
If your report is valid:
- We will provide an initial response within 48-72 hours.
- We will work with you on the patch.
- Your name will be listed in Security Credits on the latest version release (unless you wish to remain anonymous).
This policy covers all files under the organization/repo StormWorld0/storm-framework. Issues in third-party dependencies (such as requests, scapy, etc.) must be reported to the respective vendors, but we would still appreciate it if you could inform us about the impact on this framework.
Thank you for helping keep the Storm Framework safe and open.