4 matches found
CVE-2026-34210 mppx has Stripe charge credential replay via missing idempotency check
mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the stripe/charge payment method did not check Stripe's Idempotent-Replayed response header when creating PaymentIntents. An attacker could replay a valid credential containing the same spt token against a new...
CVE-2026-34210 mppx has Stripe charge credential replay via missing idempotency check
mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the stripe/charge payment method did not check Stripe's Idempotent-Replayed response header when creating PaymentIntents. An attacker could replay a valid credential containing the same spt token against a new...
CVE-2026-34210
The cvE-2026-34210 issue affects the mppx TypeScript interface for the machine payments protocol. Prior to version 0.4.11, the stripe/charge method did not validate Stripe’s Idempotent-Replayed header when creating PaymentIntents, allowing an attacker to replay a valid credential with the same sp...
GHSA-8MHJ-RFFC-RCVW mppx has Stripe charge credential replay via missing idempotency check
Impact The stripe/charge payment method did not check Stripe's Idempotent-Replayed response header when creating PaymentIntents. An attacker could replay a valid credential containing the same spt token against a new challenge, and the server would accept the replayed Stripe PaymentIntent as a ne...