Lucene search
HackeroneCVELIST:CVE-2016-10534HistoryApr 26, 2018 - 12:00 a.m.
CVE-2016-10534
2018-04-2600:00:00
CWE-295
hackerone
www.cve.org
electron-packager is a command line tool that packages Electron source code into .app and .exe packages. along with Electron. The --strict-ssl command line option in electron-packager >= 5.2.1 <= 6.0.0 || >=6.0.0 <= 6.0.2 defaults to false if not explicitly set to true. This could allow an attacker to perform a man in the middle attack.
CNA Affected
[
{
"product": "electron-packager node module",
"vendor": "HackerOne",
"versions": [
{
"status": "affected",
"version": ">= 5.2.1 <= 6.0.0 || >=6.0.0 <= 6.0.2"
}
]
}
]Related
veracode
veracode
Man-in-the-Middle (MitM)
2016-04-23 01:22:54
osv
osv
CVE-2016-10534
2018-05-31 20:29:01
SSL Validation Defaults to False in electron-packager
2019-02-18 23:58:24
prion
prion
Command injection
2018-05-31 20:29:00
nvd
nvd
CVE-2016-10534
2018-05-31 20:29:01
cve
cve
CVE-2016-10534
2018-05-31 20:29:01
nodejs
nodejs
SSL Validation Defaults to False
2016-04-21 18:27:18
github
github
SSL Validation Defaults to False in electron-packager
2019-02-18 23:58:24