CVE-2016-10534
CVE-2016-10534
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 1.0%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
31 May 2018Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
electron-packager is a command line tool that packages Electron source code into `.app` and `.exe` packages. along with Electron. The `--strict-ssl` command line option in electron-packager >= 5.2.1 <= 6.0.0 || >=6.0.0 <= 6.0.2 defaults to false if not explicitly set to true. This could allow an attacker to perform a man in the middle attack.
Affected products
HackerOne · electron-packager node moduleWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →