Vulnerability Details CVE-2016-10534
electron-packager is a command line tool that packages Electron source code into `.app` and `.exe` packages. along with Electron. The `--strict-ssl` command line option in electron-packager >= 5.2.1 <= 6.0.0 || >=6.0.0 <= 6.0.2 defaults to false if not explicitly set to true. This could allow an attacker to perform a man in the middle attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.4%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 4.3
References
Products affected by CVE-2016-10534
-
cpe:2.3:a:electron-packager_project:electron-packager:5.2.1
-
cpe:2.3:a:electron-packager_project:electron-packager:6.0.0
-
cpe:2.3:a:electron-packager_project:electron-packager:6.0.1
-
cpe:2.3:a:electron-packager_project:electron-packager:6.0.2