stripe-cli is a command-line tool for the payment processor Stripe. A vulnerability exists in stripe-cli starting in version 1.11.1 and prior to version 1.21.3 where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or --archive-path flags can overwrite arbitrary files. The update in version 1.21.3 addresses the path traversal vulnerability by removing the ability to install plugins from an archive URL or path. There has been no evidence of exploitation of this vulnerability.
Metrics
Affected Vendors & Products
References
History
Thu, 19 Dec 2024 22:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Thu, 19 Sep 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Stripe stripe-cli
|
|
CPEs | cpe:2.3:a:stripe:stripe-cli:*:*:*:*:*:*:*:* | |
Vendors & Products |
Stripe stripe-cli
|
Thu, 05 Sep 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Stripe
Stripe stripe Cli |
|
CPEs | cpe:2.3:a:stripe:stripe_cli:*:*:*:*:*:*:*:* | |
Vendors & Products |
Stripe
Stripe stripe Cli |
|
Metrics |
ssvc
|
Thu, 05 Sep 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | stripe-cli is a command-line tool for the payment processor Stripe. A vulnerability exists in stripe-cli starting in version 1.11.1 and prior to version 1.21.3 where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or --archive-path flags can overwrite arbitrary files. The update in version 1.21.3 addresses the path traversal vulnerability by removing the ability to install plugins from an archive URL or path. There has been no evidence of exploitation of this vulnerability. | |
Title | stripe-cli Path Traversal vulnerability | |
Weaknesses | CWE-22 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-09-05T17:09:08.933Z
Updated: 2024-12-19T21:21:42.735Z
Reserved: 2024-08-28T20:21:32.803Z
Link: CVE-2024-45401
Vulnrichment
Updated: 2024-09-05T17:42:10.278Z
NVD
Status : Modified
Published: 2024-09-05T18:15:06.227
Modified: 2024-12-19T22:15:05.770
Link: CVE-2024-45401
Redhat
No data.