Please open a private security advisory if possible, or email the maintainer. Include:

• a description of the issue
• steps to reproduce
• impact assessment