Medium severity5.9NVD Advisory· Published May 31, 2018· Updated Jun 17, 2026
CVE-2016-10534
CVE-2016-10534
Description
electron-packager is a command line tool that packages Electron source code into .app and .exe packages. along with Electron. The --strict-ssl command line option in electron-packager >= 5.2.1 <= 6.0.0 || >=6.0.0 <= 6.0.2 defaults to false if not explicitly set to true. This could allow an attacker to perform a man in the middle attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
electron-packagernpm | >= 5.2.1, < 7.0.0 | 7.0.0 |
Affected products
2- HackerOne/electron-packager node modulev5Range: >= 5.2.1 <= 6.0.0 || >=6.0.0 <= 6.0.2
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-q43m-ffwr-rpccghsaADVISORY
- github.com/electron-userland/electron-packager/issues/333nvdIssue TrackingMitigationThird Party AdvisoryWEB
- nodesecurity.io/advisories/104nvdMitigationThird Party Advisory
- nvd.nist.gov/vuln/detail/CVE-2016-10534ghsaADVISORY
- www.npmjs.com/advisories/104ghsaWEB
News mentions
0No linked articles in our index yet.