CVE-2016-10534

MEDIUM

electron-packager 5.2.1-6.0.0 6.0.0-6.0.2 - Improper Certificate Validation via --strict-ssl Option

Title source: llm
STIX 2.1

Description

electron-packager is a command line tool that packages Electron source code into `.app` and `.exe` packages. along with Electron. The `--strict-ssl` command line option in electron-packager >= 5.2.1 <= 6.0.0 || >=6.0.0 <= 6.0.2 defaults to false if not explicitly set to true. This could allow an attacker to perform a man in the middle attack.

References (2)

Core 2
Core References
Issue Tracking, Mitigation, Third Party Advisory x_refsource_misc
https://github.com/electron-userland/electron-packager/issues/333
Mitigation, Third Party Advisory x_refsource_misc
https://nodesecurity.io/advisories/104

Scores

CVSS v3 5.9
EPSS 0.0095
EPSS Percentile 56.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-295
Status published
Products (2)
electron-packager_project/electron-packager 5.2.1 - 6.0.2
npm/electron-packager 5.2.1 - 7.0.0npm
Published May 31, 2018
Tracked Since Feb 18, 2026