CVE-2016-10534

2018-05-31T20:29:00
ID CVE-2016-10534
Type cve
Reporter cve@mitre.org
Modified 2019-10-09T23:16:00

Description

electron-packager is a command line tool that packages Electron source code into .app and .exe packages. along with Electron. The --strict-ssl command line option in electron-packager >= 5.2.1 <= 6.0.0 || >=6.0.0 <= 6.0.2 defaults to false if not explicitly set to true. This could allow an attacker to perform a man in the middle attack.