How severe is CVE-2022-24753?

This vulnerability has a severity rating of HIGH with a CVSS score of 7 out of 10.

What type of vulnerability is CVE-2022-24753?

This is classified as CWE-78, which is a common weakness in software security.

CVE-2022-24753 - HIGH Severity | CVSS 7

Vulnerability Description

Stripe CLI is a command-line tool for the Stripe eCommerce platform. A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. The commands are `stripe login`, `stripe config -e`, `stripe community`, and `stripe open`. MacOS and Linux are unaffected. An attacker who successfully exploits the vulnerability can run arbitrary code in the context of the current user. The update addresses the vulnerability by throwing an error in these situations before the code can run.Users are advised to upgrade to version 1.7.13. There are no known workarounds for this issue.

Related Vulnerabilities

CVE-2018-3836

HIGH

CVSS:7.0(High)

An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitr...

CWE-782018

CVE-2019-1883

HIGH

CVSS:7.0(High)

A vulnerability in the command-line interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker with read-only credentials to inject arbitrary commands that ...

CWE-782019

CVE-2021-31799

HIGH

CVSS:7.0(High)

In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.

CWE-782021

CVE-2021-32830

HIGH

CVSS:7.0(High)

The @diez/generation npm package is a client for Diez. The locateFont method of @diez/generation has a command injection vulnerability. Clients of the @diez/generation library are unlikely to be aware...

CWE-782021

CVE-2022-3133

HIGH

CVSS:7.0(High)

OS Command Injection in GitHub repository jgraph/drawio prior to 20.3.0.

CWE-782022

CVE-2017-6601

HIGH

CVSS:7.1(High)

A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an ...

CWE-782017