If you discover a security vulnerability in punt.sh, please report it responsibly by emailing:
Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (optional)
- Acknowledgment: Within 48 hours
- Initial assessment: Within 1 week
- Resolution: Depends on severity, typically 1-4 weeks
Security issues we're interested in:
- Authentication/authorization bypasses
- Data exposure vulnerabilities
- XSS, CSRF, injection attacks
- Rate limiting bypasses
- Session handling issues
- Denial of service attacks
- Social engineering
- Issues in dependencies (report to upstream)
- Self-hosted instances with misconfigured environments
We follow coordinated disclosure. Please allow reasonable time to address issues before public disclosure.