---
name: Security Vulnerability
about: Report a security vulnerability in path-security
title: '[SECURITY] '
labels: ['security', 'needs-triage']
assignees: ''
---
## ⚠️ IMPORTANT SECURITY NOTICE ⚠️
**DO NOT** post security vulnerabilities publicly. Instead, please:
1. **Email**: security@redasgard.com
2. **Include**: Detailed description and steps to reproduce
3. **Wait**: For our response before any public disclosure
## Vulnerability Description
A clear and concise description of the security vulnerability.
## Attack Vector
Describe how this vulnerability could be exploited:
- [ ] Path traversal bypass
- [ ] Encoding attack bypass
- [ ] Unicode attack bypass
- [ ] Windows-specific attack
- [ ] Performance DoS attack
- [ ] Memory safety issue
## Impact Assessment
- **Severity**: [Critical/High/Medium/Low]
- **Affected Versions**: [e.g. 0.2.0, 0.1.x]
- **Attack Complexity**: [Low/Medium/High]
- **User Interaction**: [Required/Not Required]
## Proof of Concept
```rust
// Minimal code that demonstrates the vulnerability
// DO NOT include actual exploit code in public issues
use path_security::validate_path;
use std::path::Path;
// Describe the attack without providing exploit code
```
## Environment
- **OS**: [e.g. Ubuntu 22.04, Windows 11, macOS 13.0]
- **Rust Version**: [e.g. 1.70.0]
- **path-security Version**: [e.g. 0.2.0]
## Recommended Actions
- [ ] I have already emailed security@redasgard.com
- [ ] I will wait for response before public disclosure
- [ ] I understand responsible disclosure practices
## Additional Context
Add any other context about the vulnerability here.
## Checklist
- [ ] I have read the [SECURITY.md](SECURITY.md) policy
- [ ] I understand this should be reported privately
- [ ] I will follow responsible disclosure practices