Severity: Critical
CVSS Score: 9.3
### Impact Multiple vulnerabilities were discovered which allowed for undesirable behaviors, including: - Performing free `tempo/charge` requests - Replaying existing `tempo/charge` requests - Performing free `tempo/session` requests - Piggybacking off existing `tempo/session` channels - Griefing existing `tempo/session` channels - Manipulate the fee payer of a `tempo/charge` or `tempo/session` handler into paying for requests - Replaying existing `stripe/charge` requests ### Patches The issues are patched in 0.8.0 ### Workarounds There are no workarounds available for these vulnerabilities