Stripe: Limited path traversal in Node.js SDK leads to PII disclosure

A limited path traversal vulnerability in the Node.js SDK allowed an attacker to retrieve personally identifiable information PII of users. By using . and .. as identifiers in API methods, the attacker could call parent API methods and access sensitive data such as email addresses, names, and...