VYPR

Mppx

by Wevm

npm: mppx

Source repositories

CVEs (2)

  • CVE-2026-34210HigMar 31, 2026
    risk 0.46cvss 8.1epss 0.00

    mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the stripe/charge payment method did not check Stripe's Idempotent-Replayed response header when creating PaymentIntents. An attacker could replay a valid credential containing the same spt…

  • CVE-2026-34209HigMar 31, 2026
    risk 0.42cvss 7.5epss 0.00

    mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "<" instead of "<=" against the on-chain settled amount. An attacker could submit a close voucher exactly…