Not sure if this is the correct place, but I was trying to report a possible security bug within Netlify. After sending the email I got responded with “… you are a member of a team on a free Netlify plan”.
It’s not safe to make any vulnerability details public, where should I report this problem? There is a possibility that Netlify doesn’t consider the problem with valuable risk, but I don’t feel right to post it here.
hey @JafarAkhondali! Thank you so much for being invested in the security of our platform - we are as well and curious to hear more about what you noticed.
Can you please send an email to email@example.com so we can take a look?
We can also get you access to our bug bounty program and will report the vulnerability to Hackerone.
thank you again for reporting this in a responsible way