VYPR
Medium severity5.9NVD Advisory· Published May 31, 2018· Updated Jun 17, 2026

CVE-2016-10534

CVE-2016-10534

Description

electron-packager is a command line tool that packages Electron source code into .app and .exe packages. along with Electron. The --strict-ssl command line option in electron-packager >= 5.2.1 <= 6.0.0 || >=6.0.0 <= 6.0.2 defaults to false if not explicitly set to true. This could allow an attacker to perform a man in the middle attack.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
electron-packagernpm
>= 5.2.1, < 7.0.07.0.0

Affected products

2
  • ghsa-coords
    Range: >= 5.2.1, < 7.0.0
  • HackerOne/electron-packager node modulev5
    Range: >= 5.2.1 <= 6.0.0 || >=6.0.0 <= 6.0.2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.