#giongfnef_code

👋 Welcome to your new thread!

⏲️ We'll be here soon! Typically we respond in a few minutes, but sometimes we might take a bit longer if the server is busy or if you have a particularly tricky question.

⏱️ We close idle threads, which makes them read-only. Once a thread is closed it won't be reopened, but you can always start a new thread if you have another question.

🔗 This thread will always be available, even after it's closed. You can find it again using Discord's search, or you can save this link: https://discord.com/channels/841573134531821608/1282720604700807218

📝 Have more to share? Add more details, code, screenshots, videos, etc. below.

Hello, I'd recommend submitting a report via HackerOne: https://hackerone.com/stripe

That is the best way to report something if you believe a vulnerability was found

See: https://docs.stripe.com/security#disclosure-and-reward-program

Hello, I have already reported the issue, and this is my report code 2675868. It seems that the triager on HackerOne didn’t understand the problem and marked it out of scope before it could reach the internal team. I think it would be faster if I submitted the report directly to the internal team. All I want to do is help improve your system. I can send the full report via email if necessary; I currently have a specific POC video showing how this vulnerability can be exploited. The first thing I want is to warn your team about this report. I just want the dev team of https://insiders.stripe.dev/ to be aware of this vulnerability and fix it before someone else takes advantage of it to do something malicious. Thank you.

We can't help you with this here. If you want to report it in a different manner outside of Hackone then you can reach out to our Support team via https://support.stripe.com/contact/login

We can only help with user questions about implementing our API here.