Skip to content

Latest commit

 

History

History
68 lines (44 loc) · 2.16 KB

CVD_MESSAGE_TEMPLATE.md

File metadata and controls

68 lines (44 loc) · 2.16 KB

Notice of Embargo

This is an embargoed notification that a vulnerability has been discovered in Flux. This notice has been sent to subscribed distributors and service providers in order to allow for timely patching. You are receiving this notification as you have agreed to abide by the embargo policy on this project. Do not forward this information to other parties without complying with the instructions of the embargo policy.

Summary

2-3 sentences describing the vulnerability using technical details. This should only contain enough information to be able to make a quick determination of what the vulnerability is about.

CVE

$CVE-NUMBER

Versions

$CONTROLLER-NAME $VERSION_RANGE

FLUX2 CLI $VERSION_RANGE

$CVSS $SEVERITY [low, medium, high, critical]

Provide an attack scenario or other information to explain the risk associated. Use details gathered from the triage.

Further information about the scoring details can be found at cvss-calculator.

Proof of Concept

Provide exact code or command lines in order to offer usable, precise, and repeatable methods for a subscriber to reproduce the problem and test fixes and mitigations.

Remediation and Mitigation

Provide information on the known remediation or planned patch. Be sure to list when it will be available or links to where the patch will be available.

Additional information

If you have additional information to provide, be sure to include it here.

Timeline

Date reported: DD MMM YYYY Date fixed: DD MMM YYYY Date to be disclosed: DD MMM YYYY

Public disclosure date: $DATE $TIME $TIMEZONE

Do not:

  • make this information public,
  • issue communications hinting at or regarding this,
  • share this with others,
  • issue public patches before the disclosure date

This list will be notified immediately if the disclosure date is at risk or changes. Questions should be directed to the security contacts.