electron-packager is vulnerable to man-in-the-middle (MitM) attacks. By default, the application sets the `--strict-ssl` option to false, which disables SSL certificate validation. This can allow an attacker on an adjacent network to conduct a MitM attack during the electron package installation step.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | electron-packager | le | 6.0.2 |
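
The two conditions described above (a release at or below 6.0.2, and `--strict-ssl` left at its default or set to false) can be checked against a project's package.json. This is an added example, not code from electron-packager or from the advisory; the `isAffected` and `audit` helpers and the sample package.json are constructed for illustration, and it assumes build scripts call the CLI by the name `electron-packager`.

```javascript
// Added example (not electron-packager code). Flags the advisory's two conditions
// in a parsed package.json: a version <= 6.0.2 and --strict-ssl left off or false.
const LAST_AFFECTED = [6, 0, 2]; // "le 6.0.2" from the advisory table

// Return true/false, or null when no x.y.z can be read (git URL, dist-tag).
function isAffected(spec) {
  const m = /(\d+)\.(\d+)\.(\d+)/.exec(String(spec));
  if (!m) return null;
  const v = m.slice(1, 4).map(Number);
  for (let i = 0; i < 3; i++) {
    if (v[i] !== LAST_AFFECTED[i]) return v[i] < LAST_AFFECTED[i];
  }
  return true; // exactly 6.0.2
}

// pkg: parsed package.json. lockedVersion: resolved version from the lockfile,
// if known; otherwise the lower bound of the declared range is used (conservative).
function audit(pkg, lockedVersion) {
  const findings = [];
  const deps = Object.assign({}, pkg.dependencies, pkg.devDependencies);
  const spec = lockedVersion || deps['electron-packager'];
  const affected = spec === undefined ? false : isAffected(spec);
  if (affected === true) findings.push({ kind: 'affected-version', detail: spec });
  if (affected === null) findings.push({ kind: 'unknown-version', detail: spec });

  for (const [name, cmd] of Object.entries(pkg.scripts || {})) {
    if (!/\belectron-packager\b/.test(cmd)) continue;
    if (/--strict-ssl(=|\s+)false\b/.test(cmd)) {
      findings.push({ kind: 'strict-ssl-disabled', detail: name });
    } else if (affected !== false && !/--strict-ssl\b/.test(cmd)) {
      // On an affected release the default (false) applies when the flag is absent.
      findings.push({ kind: 'strict-ssl-defaulted', detail: name });
    }
  }
  return findings;
}

// Constructed sample input.
const samplePkg = {
  devDependencies: { 'electron-packager': '^5.2.1' },
  scripts: {
    build: 'electron-packager . app --platform=linux',
    'build:ci': 'electron-packager . app --strict-ssl=false',
    test: 'mocha',
  },
};
console.log(audit(samplePkg));
```

Pass the version recorded in the lockfile as the second argument where one exists, since a declared range such as `^5.2.1` only gives a lower bound.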