VYPR

npm package

mppx

pkg:npm/mppx

Vulnerabilities (2)

  • CVE-2026-34210HigMar 31, 2026
    affected < 0.4.11fixed 0.4.11

    mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the stripe/charge payment method did not check Stripe's Idempotent-Replayed response header when creating PaymentIntents. An attacker could replay a valid credential containing the same spt tok

  • CVE-2026-34209HigMar 31, 2026
    affected < 0.4.11fixed 0.4.11

    mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "<" instead of "<=" against the on-chain settled amount. An attacker could submit a close voucher exactly eq