Stripe · Stripe Cli · CVE-2024-45401
Name of the Vulnerable Software and Affected Versions:
stripe-cli versions 1.11.1 through 1.21.2
Description:
A path traversal vulnerability exists in stripe-cli: a plugin package whose manifest carries a malformed plugin shortname, when installed using the `--archive-url` or `--archive-path` flags, can overwrite arbitrary files. The update in version 1.21.3 addresses this issue by removing the ability to install plugins from an archive URL or path. There has been no evidence of exploitation of this vulnerability.
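The following Go example, added here and not taken from stripe-cli, illustrates the class of bug described above: a manifest-supplied shortname joined onto the plugin directory without validation versus the same resolution guarded by an allow-list and a containment check. The `/opt/stripe-plugins` location, the shortname pattern, and all function names are assumptions for the example.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// Allow-list for manifest shortnames. This is a conservative rule chosen
// for the example, not the rule stripe-cli itself applies.
var shortnamePattern = regexp.MustCompile(`^[a-z0-9][a-z0-9_-]{0,63}$`)

var ErrUnsafeShortname = errors.New("unsafe plugin shortname")

// NaiveInstallPath shows the unsafe pattern: the manifest value is joined
// onto the plugin directory unvalidated, so ".." segments are resolved
// and the result can land outside pluginsDir.
func NaiveInstallPath(pluginsDir, shortname string) string {
	return filepath.Join(pluginsDir, shortname)
}

// IsInside reports whether target is pluginsDir or a path beneath it. It
// uses filepath.Rel rather than a string-prefix test, which would wrongly
// accept "/opt/stripe-plugins-evil" as inside "/opt/stripe-plugins".
func IsInside(pluginsDir, target string) bool {
	rel, err := filepath.Rel(pluginsDir, target)
	if err != nil {
		return false
	}
	return rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// ResolvePluginPath returns the install directory for a manifest shortname,
// or an error if the name fails the allow-list or would escape pluginsDir.
func ResolvePluginPath(pluginsDir, shortname string) (string, error) {
	if !shortnamePattern.MatchString(shortname) {
		return "", fmt.Errorf("%w: %q does not match %s", ErrUnsafeShortname, shortname, shortnamePattern)
	}
	base, err := filepath.Abs(pluginsDir)
	if err != nil {
		return "", err
	}
	target := filepath.Join(base, shortname)
	// Defense in depth: the allow-list already rejects separators and "..",
	// but a containment check keeps a later loosened pattern from reopening the hole.
	if !IsInside(base, target) {
		return "", fmt.Errorf("%w: %q resolves outside %s", ErrUnsafeShortname, shortname, base)
	}
	return target, nil
}
```

Running `ResolvePluginPath("/opt/stripe-plugins", "../../outside")` returns an error, whereas `NaiveInstallPath` with the same arguments yields `/outside`.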
Recommendations:
Upgrade to stripe-cli version 1.21.3. As a temporary workaround, consider disabling the installation of plugins from archive URLs or paths until the update is applied. Restrict access to the `--archive-url` and `--archive-path` flags to minimize the risk of exploitation.