Stripe disclosed a bug submitted by sn-shyk: https://hackerone.com/reports/1257767 – Bounty: $500 [Source]