24 matches found
EUVD-2024-2783
Malicious code in bioql PyPI...
EUVD-2022-1304
Malicious code in bioql PyPI...
CVE-2024-45401
stripe-cli is a command-line tool for the payment processor Stripe. A vulnerability exists in stripe-cli starting in version 1.11.1 and prior to version 1.21.3 where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or --archive-path flags...
CVE-2022-24753
Stripe CLI is a command-line tool for the Stripe eCommerce platform. A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. The commands are stripe login, stripe config -e, stripe community, and stripe open. MacOS and Linu...
Path Traversal
Stripe-CLI is vulnerable to path traversal. The vulnerability is due to improper validation of plugin shortnames in the manifest when installing plugins using the --archive-url or --archive-path flags, allowing an attacker to overwrite arbitrary files on the system by exploiting the path traversa...
GO-2024-3119 Path traversal vulnerability in stripe-cli in github.com/stripe/stripe-cli
Path traversal vulnerability in stripe-cli in github.com/stripe/stripe-cli...
CVE-2024-45401
stripe-cli is a command-line tool for the payment processor Stripe. A vulnerability exists in stripe-cli starting in version 1.11.1 and prior to version 1.21.3 where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or --archive-path flags...
CVE-2024-45401
Summary: CVE-2024-45401 affects stripe-cli. In versions 1.11.1 up to, but not including, 1.21.3, a plugin package with a manifest containing a malformed plugin shortname installed via --archive-url or --archive-path could overwrite arbitrary files (path traversal). Impact: local file overwrite vi...
CVE-2024-45401 stripe-cli Path Traversal vulnerability
stripe-cli is a command-line tool for the payment processor Stripe. A vulnerability exists in stripe-cli starting in version 1.11.1 and prior to version 1.21.3 where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or --archive-path flags...
CVE-2024-45401 stripe-cli Path Traversal vulnerability
stripe-cli is a command-line tool for the payment processor Stripe. A vulnerability exists in stripe-cli starting in version 1.11.1 and prior to version 1.21.3 where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or --archive-path flags...
GHSA-FV4G-GWPJ-74GR Path traversal vulnerability in stripe-cli
Impact A vulnerability exists in stripe-cli versions 1.11.1 and higher where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or --archive-path flags can overwrite arbitrary files. The update addresses the path traversal vulnerability by...
Path traversal vulnerability in stripe-cli
Impact A vulnerability exists in stripe-cli versions 1.11.1 and higher where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or --archive-path flags can overwrite arbitrary files. The update addresses the path traversal vulnerability by...
Stripe CLI 安全漏洞
Stripe CLI is a command line tool for the Stripe e-commerce platform from Stripe Ireland. A security vulnerability exists in Stripe CLI version 1.11.1 and later versions, which stems from the inclusion of plug-in packages with formatting errors that can overwrite arbitrary files...
GO-2022-0350 Code injection in Stripe CLI on windows in github.com/stripe/stripe-cli
Code injection in Stripe CLI on windows in github.com/stripe/stripe-cli...
Code injection in Stripe CLI on windows
Impact A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. The commands are stripe login, stripe config -e, stripe community, and stripe open. MacOS and Linux are unaffected. An attacker who successfully exploits the...
GHSA-4CX6-FJ7J-PJX9 Code injection in Stripe CLI on windows
Impact A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. The commands are stripe login, stripe config -e, stripe community, and stripe open. MacOS and Linux are unaffected. An attacker who successfully exploits the...
Arbitrary Code Execution
github.com/stripe/stripe-cli is vulnerable to Arbitrary Code Execution. An attacker can inject and execute malicious commands through the stripe login, stripe config -e, stripe community, and stripe open in windows...
CVE-2022-24753
Stripe CLI is a command-line tool for the Stripe eCommerce platform. A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. The commands are stripe login, stripe config -e, stripe community, and stripe open. MacOS and Linu...
Code injection
Stripe CLI is a command-line tool for the Stripe eCommerce platform. A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. The commands are stripe login, stripe config -e, stripe community, and stripe open. MacOS and Linu...
CVE-2022-24753 Code injection in Stripe CLI on windows
Stripe CLI is a command-line tool for the Stripe eCommerce platform. A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. The commands are stripe login, stripe config -e, stripe community, and stripe open. MacOS and Linu...