CVE-2021-32684 MEDIUM

CVE-2021-32684: Missing Handler in @scandipwa/magento-scripts

Vendor Scandipwa

Product create-magento-app

Weakness CWE-670

Published June 14, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

6.2/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

Description

magento-scripts contains scripts and configuration used by Create Magento App, a zero-configuration tool-chain which allows one to deploy Magento 2. In versions 1.5.1 and 1.5.2, after changing the function from synchronous to asynchronous there wasn't implemented handler in the start, stop, exec, and logs commands, effectively making them unusable. Version 1.5.3 contains patches for the problems.

Key dates

Disclosure timeline

June 14, 2021 CVE published

August 3, 2024 Record updated