If you believe you have found a security vulnerability in Maho, please report it through coordinated disclosure.
Please do not report security vulnerabilities through the repository issues, discussions, or pull requests. Instead, please open a new Github security advisory.
Please include the following information to help us better understand and resolve the issue:
- Type of vulnerability (e.g., buffer overflow, SQL injection, cross-site scripting)
- Full paths of affected source file(s)
- Location of the affected source code (tag/branch/commit or direct URL)
- Required configuration to reproduce the issue
- Step-by-step reproduction instructions
- Proof-of-concept or exploit code (if possible)
- Impact assessment, including potential attack vectors
- Any proposed mitigations or fixes (optional)