Vulnerability	Vulnerable Version
H Replay Attack mppx is a </picture Affected versions of this package are vulnerable to Replay Attack in the `tempo/session` cooperative close handler due to improper validation of the close voucher amount. An attacker can bypass intended restrictions by submitting a close voucher with an amount exactly equal to the on-chain settled amount, allowing them to close or disrupt the channel without committing new funds. How to fix Replay Attack? Upgrade `mppx` to version 0.4.11 or higher.	<0.4.11
M Replay Attack mppx is a </picture Affected versions of this package are vulnerable to Replay Attack via the `stripe/charge` file. An attacker can consume unlimited resources by replaying a valid credential containing the same `spt` token against a new challenge, causing the server to accept the replayed Stripe PaymentIntent as a new successful payment without actually charging the customer again. How to fix Replay Attack? Upgrade `mppx` to version 0.4.11 or higher.	<0.4.11

Replay Attack

mppx is a </picture

Affected versions of this package are vulnerable to Replay Attack in the tempo/session cooperative close handler due to improper validation of the close voucher amount. An attacker can bypass intended restrictions by submitting a close voucher with an amount exactly equal to the on-chain settled amount, allowing them to close or disrupt the channel without committing new funds.

How to fix Replay Attack?

Upgrade mppx to version 0.4.11 or higher.

<0.4.11

Replay Attack

mppx is a </picture

Affected versions of this package are vulnerable to Replay Attack via the stripe/charge file. An attacker can consume unlimited resources by replaying a valid credential containing the same spt token against a new challenge, causing the server to accept the replayed Stripe PaymentIntent as a new successful payment without actually charging the customer again.

How to fix Replay Attack?

Upgrade mppx to version 0.4.11 or higher.

<0.4.11

Go back to all versions of this package