We take security issues within Labrador very seriously. If you have found a credible attack that originates from Labrador packages PLEASE report the appropriate details to [email protected]. The emails sent to this address adhere to the same rule described in "Who receives the Report" in Reporting.
If you would like to go a step beyond to ensure prompt resolution of your ticket the following would be extremely beneficial:
-
Create a private GitHub repository with the vulnerable Labrador package while including a:
EXPLOIT.mdfile that describes what the exploit is, how it is carried out, and why it should be considered a vulnerability.exploit/Any source code that could be used to verify the exploit.