Lucene search
GitHub Advisory DatabaseGHSA-4G53-VP7Q-GFJVHistoryMay 28, 2021 - 7:18 p.m.
constructEvent does not verify header
2021-05-2819:18:28
GitHub Advisory Database
github.com
57
constructevent
verifyheader
stripe
webhook
function
upgrade
Impact
Anyone verifying a Stripe webhook request via this libraryβs constructEvent function.
Patches
Upgrade to 1.1.4.
Workarounds
Use await verifyHeader(...) directly instead of constructEvent.
References
Affected configurations
Node
worker-toolsstripe-webhookRange<1.1.4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| worker-tools | stripe-webhook | * | cpe:2.3:a:worker-tools:stripe-webhook:*:*:*:*:*:*:*:* |