CVE-2016-10534
N/A
N/A
Summary
electron-packager is a command line tool that packages Electron source code into .app and .exe packages. along with Electron. The --strict-ssl command line option in electron-packager >= 5.2.1 <= 6.0.0 || >=6.0.0 <= 6.0.2 defaults to false if not explicitly set to true. This could allow an attacker to perform a man in the middle attack.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| HackerOne | electron-packager node module | `>= 5.2.1 <= 6.0.0 |
Weaknesses
- CWE-295: Improper Certificate Validation (CWE-295)
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/electron-userland/electron-packager/issues/333
- https://nodesecurity.io/advisories/104
References
- https://github.com/electron-userland/electron-packager/issues/333
- https://nodesecurity.io/advisories/104
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.