Once we've received your report, we'll investigate it and respond to you as soon as possible. We ask you not to discuss any vulnerabilities you have found (including resolved ones) without our express consent.
Participation in the Bug Bounty Program requires you to comply with the policy below.
When reporting vulnerabilities, please consider (1) attack scenario / exploitability, and (2) security impact of the bug. The following issues are considered out of scope: