CVE-2016-10534

Summary

electron-packager is a command line tool that packages Electron source code into .app and .exe packages. along with Electron. The --strict-ssl command line option in electron-packager >= 5.2.1 <= 6.0.0 || >=6.0.0 <= 6.0.2 defaults to false if not explicitly set to true. This could allow an attacker to perform a man in the middle attack.

Affected Software

VendorProductVersion RangeStatus
HackerOneelectron-packager node module`>= 5.2.1 <= 6.0.0

Weaknesses

  • CWE-295: Improper Certificate Validation (CWE-295)

ADP Enrichment

CVE Program Container

Additional References

References