Description

stripe-cli is a command-line tool for the payment processor Stripe. A vulnerability exists in stripe-cli starting in version 1.11.1 and prior to version 1.21.3 where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or --archive-path flags can overwrite arbitrary files. The update in version 1.21.3 addresses the path traversal vulnerability by removing the ability to install plugins from an archive URL or path. There has been no evidence of exploitation of this vulnerability.

INFO

Published Date :

2024-09-05T17:09:08.933Z

Last Modified :

2024-12-19T21:21:42.735Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-45401 vulnerability.

Vendors Products
Stripe
  • Stripe Cli
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-45401.

URL Resource
https://github.com/stripe/stripe-cli/security/advisories/GHSA-fv4g-gwpj-74gr cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact