2 matches found
CVE-2016-10534
electron-packager is a command line tool that packages Electron source code into .app and .exe packages. along with Electron. The --strict-ssl command line option in electron-packager = 5.2.1 =6.0.0 = 6.0.2 defaults to false if not explicitly set to true. This could allow an attacker to perform a...
CVE-2016-10534
CVE-2016-10534 affects electron-packager where the --strict-ssl option is defaulted to false in versions 5.2.1–6.0.0 and 6.0.0–6.0.2 unless explicitly set to true. This enables potential MITM attacks during Electron downloads for supported targets. Connected advisories corroborate the MITM risk a...