mirror of
https://github.com/nox-project/nox-framework.git
synced 2026-06-08 16:07:17 +00:00
nox-project
35 lines
964 B
Markdown
35 lines
964 B
Markdown
# Security Policy
|
|
|
|
## Supported Versions
|
|
|
|
| Version | Supported |
|
|
|---------|-----------|
|
|
| 1.0.x | ✅ Active |
|
|
|
|
## Reporting a Vulnerability
|
|
|
|
Report security vulnerabilities **privately** — do not open a public issue.
|
|
|
|
**Contact:** open a [GitHub Security Advisory](https://github.com/nox-project/nox-framework/security/advisories/new)
|
|
|
|
Include:
|
|
- A clear description of the vulnerability
|
|
- Steps to reproduce
|
|
- Potential impact
|
|
- Suggested fix (if any)
|
|
|
|
You will receive an acknowledgement within 48 hours. Critical vulnerabilities are patched within 7 days.
|
|
|
|
## Scope
|
|
|
|
In-scope:
|
|
- Remote code execution via crafted source plugin or API response
|
|
- Credential leakage from the vault or apikeys.json
|
|
- OPSEC bypass (real IP exposure when proxy/Tor is configured)
|
|
- Dependency vulnerabilities with a direct exploit path
|
|
|
|
Out of scope:
|
|
- Issues requiring physical access to the machine
|
|
- Social engineering
|
|
- Vulnerabilities in third-party APIs queried by NOX
|