← Back

Stripe Api

stripe_api

Vendor: Stripe • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2018-19249
1Stripe
1Stripe Api
Nov 21, 2024
Jan 3, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
The Stripe API v1 allows remote attackers to bypass intended access restrictions by replaying api.stripe.com /v1/tokens XMLHttpRequest data, parsing the response under the object card{}, and reading the cvc_check informa...Show more
The Stripe API v1 allows remote attackers to bypass intended access restrictions by replaying api.stripe.com /v1/tokens XMLHttpRequest data, parsing the response under the object card{}, and reading the cvc_check information if the creation is successful without charging the actual card used in the transaction.Show less