Responsible Disclosure

Security vulnerability reporting policy

About

All projects listed here are hobby projects maintained by a single developer. There is no bug bounty program and no financial compensation for vulnerability reports. That said, responsible reports are very much appreciated and will be acknowledged.

Out of scope

  • Mail infrastructure (DMARC, DKIM, SPF) — hosted by Infomaniak
  • Third-party services (Cloudflare, Mapbox, Plausible, etc.)
  • Rate limiting or denial-of-service testing
  • Social engineering attacks
  • Automated scanning that degrades the service
  • Issues in dependencies without a demonstrated exploit

How to report

Send an email to [email protected] with:

  • A description of the vulnerability
  • Steps to reproduce the issue
  • The potential impact

I will try to respond within 7 days and keep you updated on the fix.

Rules

  • Do not access or modify other users' data
  • Do not disrupt the service or perform destructive actions
  • Allow reasonable time for the issue to be fixed before public disclosure
  • Do not use automated vulnerability scanners at high volume