CVE-2022-24753

Name of the Vulnerable Software and Affected Versions Stripe CLI versions prior to 1.7.13

Description A vulnerability exists in Stripe CLI on Windows when certain commands are run in a directory where an attacker has planted files. The affected commands are stripe login, stripe config -e, stripe community, and stripe open. MacOS and Linux are unaffected. An attacker who successfully exploits the issue can run arbitrary code in the context of the current user. The update addresses the issue by throwing an error in these situations before the code can run. There has been no evidence of exploitation of this issue.

Recommendations Upgrade to version 1.7.13. As a temporary workaround, consider avoiding running the affected commands in untrusted directories until the update is applied. Restrict access to the affected commands to minimize the risk of exploitation.