Описание
electron-packager is a command line tool that packages Electron source code into .app and .exe packages. along with Electron. The --strict-ssl command line option in electron-packager >= 5.2.1 <= 6.0.0 || >=6.0.0 <= 6.0.2 defaults to false if not explicitly set to true. This could allow an attacker to perform a man in the middle attack.
Ссылки
- Issue TrackingMitigationThird Party Advisory
- MitigationThird Party Advisory
- Issue TrackingMitigationThird Party Advisory
- MitigationThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 5.2.1 (включая) до 6.0.2 (включая)
cpe:2.3:a:electron-packager_project:electron-packager:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 37%
0.00156
Низкий
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-295
CWE-295
Связанные уязвимости
EPSS
Процентиль: 37%
0.00156
Низкий
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-295
CWE-295