Stripe disclosed a bug submitted by akashhamal0x01: https://hackerone.com/reports/1634165 – Bounty: $4000 [Source]