Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Code injection in Stripe CLI on windows
Vulnerability Description
Stripe CLI is a command-line tool for the Stripe eCommerce platform. A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. The commands are `stripe login`, `stripe config -e`, `stripe community`, and `stripe open`. MacOS and Linux are unaffected. An attacker who successfully exploits the vulnerability can run arbitrary code in the context of the current user. The update addresses the vulnerability by throwing an error in these situations before the code can run.Users are advised to upgrade to version 1.7.13. There are no known workarounds for this issue.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Stripe CLI 操作系统命令注入漏洞
Vulnerability Description
Stripe CLI是爱尔兰Stripe公司的Stripe电子商务平台的命令行工具。 Stripe CLI 存在操作系统命令注入漏洞,攻击者可以利用该漏洞在当前用户的环境中运行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A