CVE-2022-24753: 
vulnerability analysis and mitigation

A vulnerability in Stripe CLI was discovered affecting Windows systems when specific commands ('stripe login', 'stripe config -e', 'stripe community', and 'stripe open') are executed in a directory containing maliciously planted files. The vulnerability was assigned CVE-2022-24753 and was disclosed on March 9, 2022. MacOS and Linux systems were not affected by this vulnerability (GitHub Advisory).

The vulnerability exists in versions prior to 1.7.13 of the Stripe CLI tool. The issue received a CVSS v3.1 base score of 7.0 HIGH (Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). The vulnerability is related to the command execution process in the Windows environment, specifically when handling certain CLI commands in directories with planted malicious files (NVD).

An attacker who successfully exploits this vulnerability can execute arbitrary code in the context of the current user when specific Stripe CLI commands are run. This could lead to unauthorized code execution and potential system compromise within the user's security context (GitHub Advisory).

Users are advised to upgrade to Stripe CLI version 1.7.13 or later, which addresses the vulnerability by implementing error handling that prevents code execution in potentially dangerous situations. There are no known workarounds for this issue other than upgrading to the patched version (GitHub Advisory).