Strix
26.1K

CVE-2024-45401

HIGHCVSS 7.1/10EPSS 0.19%

Last modified

CVE-2024-45401 is a high-severity vulnerability rated 7.1/10 on the CVSS scale. stripe-cli is a command-line tool for the payment processor Stripe. A vulnerability exists in stripe-cli starting in version 1.11.1 and prior to version 1.21.3 where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or --archive-path flags can overwrite arbitrary files. EPSS estimates a 0.19% chance of exploitation in the next 30 days.

Description

stripe-cli is a command-line tool for the payment processor Stripe. A vulnerability exists in stripe-cli starting in version 1.11.1 and prior to version 1.21.3 where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or --archive-path flags can overwrite arbitrary files. The update in version 1.21.3 addresses the path traversal vulnerability by removing the ability to install plugins from an archive URL or path. There has been no evidence of exploitation of this vulnerability.

Metrics

CVSS 3.1
7.1/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

EPSS Probability
0.19%

9.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
StripeStripe Cli>= 1.11.1, < 1.21.3

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2024-45401?
stripe-cli is a command-line tool for the payment processor Stripe. A vulnerability exists in stripe-cli starting in version 1.11.1 and prior to version 1.21.3 where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or --archive-path flags can overwrite arbitrary files. The update in version 1.21.3 addresses the path traversal vulnerability by removing the ability to install plugins from an archive URL or path. There has been no evidence of exploitation of this vulnerability.
How severe is CVE-2024-45401?
CVE-2024-45401 has a CVSS score of 7.1/10 (HIGH severity). The EPSS model estimates a 0.19% probability of exploitation in the next 30 days.
How do I fix CVE-2024-45401?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-45401?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST