Moderate severityNVD Advisory· Published Jun 14, 2021· Updated Aug 3, 2024
Missing Handler in @scandipwa/magento-scripts
CVE-2021-32684
Description
magento-scripts contains scripts and configuration used by Create Magento App, a zero-configuration tool-chain which allows one to deploy Magento 2. In versions 1.5.1 and 1.5.2, after changing the function from synchronous to asynchronous there wasn't implemented handler in the start, stop, exec, and logs commands, effectively making them unusable. Version 1.5.3 contains patches for the problems.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
@scandipwa/magento-scriptsnpm | >= 1.5.1, < 1.5.3 | 1.5.3 |
Affected products
2- Range: >= 1.5.1, <= 1.5.2
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-52qp-gwwh-qrg4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-32684ghsaADVISORY
- github.com/scandipwa/create-magento-app/commit/89115db7031e181eb8fb4ec2822bc6cab88e7071ghsax_refsource_MISCWEB
- github.com/scandipwa/create-magento-app/security/advisories/GHSA-52qp-gwwh-qrg4ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.