
CVSS: 7.7 | EPSS: 0% | CPEs: 2 | EXPL: 0

Stripe CLI is a command-line tool for the Stripe eCommerce platform. A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. The affected commands are `stripe login`, `stripe config -e`, `stripe community`, and `stripe open`. macOS and Linux are unaffected. An attacker who successfully exploits the vulnerability can run arbitrary code in the context of the current user.

• https://github.com/stripe/stripe-cli/commit/be38da5c0191adb77f661f769ffff2fbc7ddf6cd
• https://github.com/stripe/stripe-cli/security/advisories/GHSA-4cx6-fj7j-pjx9
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')