electron-packager@6.0.1 vulnerabilities

Customize and package your Electron app with OS-specific bundles (.app, .exe, etc.) via JS or CLI

latest version

17.1.2
latest non vulnerable version

17.1.2
first published

9 years ago
latest version published

9 months ago
licenses detected
- BSD-2-Clause
  >=0
View electron-packager package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the electron-packager package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
L SSL Validation disabled by default `electron-packager` is a command line tool that lets you package and distribute your Electron app with OS-specific bundles (.app, .exe etc) via JS or CLI. Versions `5.2.1-6.0.2` have the `--strict-ssl` command line option default to false (causing strict-ssl to not be enabled). This could allow an attacker to execute a SSL Man In The Middle attack and deliver a malicious electron version that also gets cached in `~/.electron` folder. How to fix SSL Validation disabled by default? Upgrade `electron-packager` to version 7.0.0 or higher. If a direct dependency update is not possible, use `snyk wizard` to patch this vulnerability. Delete the electron-download cache folder, by default named `.electron`, located in your home folder.	>=5.2.1 <7.0.0
L SSL Validation disabled by default `electron-packager` is a command line tool that lets you package and distribute your Electron app with OS-specific bundles (.app, .exe etc) via JS or CLI. Versions `5.2.1-6.0.2` have the `--strict-ssl` command line option default to false (causing strict-ssl to not be enabled). This could allow an attacker to execute a SSL Man In The Middle attack and deliver a malicious electron version that also gets cached in `~/.electron` folder. How to fix SSL Validation disabled by default? Upgrade `electron-packager` to version 7.0.0 or higher. If a direct dependency update is not possible, use `snyk wizard` to patch this vulnerability. Delete the electron-download cache folder, by default named `.electron`, located in your home folder.	>=5.2.1 <7.0.0

SSL Validation disabled by default

electron-packager is a command line tool that lets you package and distribute your Electron app with OS-specific bundles (.app, .exe etc) via JS or CLI.

Versions 5.2.1-6.0.2 have the --strict-ssl command line option default to false (causing strict-ssl to not be enabled). This could allow an attacker to execute a SSL Man In The Middle attack and deliver a malicious electron version that also gets cached in ~/.electron folder.

How to fix SSL Validation disabled by default?

Upgrade electron-packager to version 7.0.0 or higher. If a direct dependency update is not possible, use snyk wizard to patch this vulnerability.

Delete the electron-download cache folder, by default named .electron, located in your home folder.

>=5.2.1 <7.0.0

SSL Validation disabled by default

electron-packager is a command line tool that lets you package and distribute your Electron app with OS-specific bundles (.app, .exe etc) via JS or CLI.

How to fix SSL Validation disabled by default?

Upgrade electron-packager to version 7.0.0 or higher. If a direct dependency update is not possible, use snyk wizard to patch this vulnerability.

Delete the electron-download cache folder, by default named .electron, located in your home folder.

>=5.2.1 <7.0.0

Go back to all versions of this package

electron-packager@6.0.1 vulnerabilities

Customize and package your Electron app with OS-specific bundles (.app, .exe, etc.) via JS or CLI

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities