Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
stripe-cli Path Traversal vulnerability
Vulnerability Description
stripe-cli is a command-line tool for the payment processor Stripe. A vulnerability exists in stripe-cli starting in version 1.11.1 and prior to version 1.21.3 where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or --archive-path flags can overwrite arbitrary files. The update in version 1.21.3 addresses the path traversal vulnerability by removing the ability to install plugins from an archive URL or path. There has been no evidence of exploitation of this vulnerability.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Stripe CLI 安全漏洞
Vulnerability Description
Stripe CLI是爱尔兰Stripe公司的Stripe电子商务平台的命令行工具。 Stripe CLI 1.11.1版本及之后版本存在安全漏洞,该漏洞源于包含带有格式错误的插件包可以覆盖任意文件。
CVSS Information
N/A
Vulnerability Type
N/A