The security of github.com/sumup/acp is of paramount importance to us, and we genuinely appreciate the community's efforts to identify and report vulnerabilities.

We recommend users stay updated with the latest version of our project for optimal stability and security.

Please do not open GitHub issues or pull requests - this makes the vulnerability immediately visible to everyone, including malicious actors. Security issues in this open-source project can be safely reported via the private SumUp bug bounty program.

To get an invite to our Hackerone private bug bounty program reach out to us via bugbounty at sumup com.

The SumUp security team will triage your report and determine whether or not is it eligible for a bounty under our program.

• Prioritize Confidentiality: We urge you not to disclose the vulnerability publicly until it's been addressed, ensuring the broader community isn't inadvertently put at risk.
• Ethical Practices: Engage in responsible and ethical behavior. Refrain from actions that compromise user privacy, system integrity, or availability.
• When in Doubt, Reach Out: If you're uncertain about the significance of a potential security issue, it's always better to err on the side of caution and notify us.