CVE-2021-32684
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
magento-scripts contains scripts and configuration used by Create Magento App, a zero-configuration tool-chain which allows one to deploy Magento 2. In versions 1.5.1 and 1.5.2, after changing the function from synchronous to asynchronous there wasn't implemented handler in the start, stop, exec, and logs commands, effectively making them unusable. Version 1.5.3 contains patches for the problems.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| scandipwa | create-magento-app | >= 1.5.1, <= 1.5.2 | affected |
Weaknesses
- CWE-670: CWE-670: Always-Incorrect Control Flow Implementation
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/scandipwa/create-magento-app/security/advisories/GHSA-52qp-gwwh-qrg4
- https://github.com/scandipwa/create-magento-app/commit/89115db7031e181eb8fb4ec2822bc6cab88e7071
References
- https://github.com/scandipwa/create-magento-app/security/advisories/GHSA-52qp-gwwh-qrg4
- https://github.com/scandipwa/create-magento-app/commit/89115db7031e181eb8fb4ec2822bc6cab88e7071
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.