Skip to content
This repository has been archived by the owner on Feb 18, 2022. It is now read-only.

constructEvent does not verify header

High
qwtel published GHSA-4g53-vp7q-gfjv May 24, 2021

Package

npm @worker-tools/stripe-webhook (npm)

Affected versions

<1.1.4

Patched versions

1.1.4

Description

Impact

Anyone verifying a Stripe webhook request via this library's constructEvent function.

Patches

Upgrade to 1.1.4.

Workarounds

Use await verifyHeader(...) directly instead of constructEvent.

References

#1

Severity

High

CVE ID

No known CVE

Weaknesses

No CWEs