Vulnerabilities > Stripe

DATE CVE VULNERABILITY TITLE RISK
2024-09-05 CVE-2024-45401 Path Traversal vulnerability in Stripe Stripe-Cli
stripe-cli is a command-line tool for the payment processor Stripe.
local
low complexity
stripe CWE-22
7.1
2023-03-01 CVE-2023-23315 SQL Injection vulnerability in Stripe Payment PRO
The PrestaShop e-commerce platform module stripejs contains a Blind SQL injection vulnerability up to version 4.5.5.
network
low complexity
stripe CWE-89
critical
9.8
2022-05-21 CVE-2022-29188 Unspecified vulnerability in Stripe Smokescreen 0.0.2/0.0.3
Smokescreen is an HTTP proxy.
network
low complexity
stripe
6.5
2022-04-19 CVE-2022-24825 Server-Side Request Forgery (SSRF) vulnerability in Stripe Smokescreen 0.0.2
Smokescreen is a simple HTTP proxy that fogs over naughty URLs.
network
low complexity
stripe CWE-918
5.3
2022-03-09 CVE-2022-24753 Unspecified vulnerability in Stripe CLI
Stripe CLI is a command-line tool for the Stripe eCommerce platform.
local
high complexity
stripe
7.0
2021-04-01 CVE-2021-21420 Unspecified vulnerability in Stripe
vscode-stripe is an extension for Visual Studio Code.
local
low complexity
stripe
7.8
2019-01-03 CVE-2018-19249 Improper Authentication vulnerability in Stripe API 1.0
The Stripe API v1 allows remote attackers to bypass intended access restrictions by replaying api.stripe.com /v1/tokens XMLHttpRequest data, parsing the response under the object card{}, and reading the cvc_check information if the creation is successful without charging the actual card used in the transaction.
network
low complexity
stripe CWE-287
7.5