diff --git a/.github/ISSUE_TEMPLATE/cve-report.md b/.github/ISSUE_TEMPLATE/cve-report.md new file mode 100644 index 0000000..d1c9157 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/cve-report.md @@ -0,0 +1,44 @@ +--- +name: CVE Report +about: 'Report Vulnerability ' +title: '' +labels: '' +assignees: '' + +--- + +### CVE Report + +Thank you for helping us improve the security of the Carbon project! Please provide the following details to help us address the issue efficiently. + +#### CVE ID (if applicable): +- If a CVE ID exists for this issue, please link to it here. Example: [CVE-XXXX-XXXX](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-XXXX-XXXX). + +#### Vulnerability Description: +- Please describe the vulnerability in detail. Include technical details such as the type of vulnerability (e.g., buffer overflow, SQL injection), affected components, and how it was discovered. + +#### Steps to Reproduce: +- Provide clear and concise steps to reproduce the issue. If possible, include code snippets, configurations, or commands to demonstrate the vulnerability. + +#### Affected Version: +- Specify which version(s) of Carbon are impacted by this vulnerability. If applicable, include the specific commit hash. + +#### Environment (Detailed): +- **Operating System(s):** [e.g., Windows, Linux, macOS] +- **Carbon Version/Commit:** [e.g., v1.2.3, commit hash abc123] +- **Logs:** Include any relevant logs or error messages related to the vulnerability. + +#### Potential Impact: +- Describe the potential impact of the vulnerability. For example, could it lead to unauthorized access, data loss, remote code execution, etc.? + +#### Additional Information: +- Any other details, screenshots, or resources that might be helpful in investigating and resolving the issue. + +#### Possible fix (optional): +- If you are aware of a possible fix or mitigation, please suggest it here. +--- + +### How to Submit: +1. If you have not done so already, please check if the CVE has been reported previously. +2. Fill out the details above, ensuring to provide as much information as possible. +3. Click "Submit new issue."