CVE-2021-32684

Missing Handler in @scandipwa/magento-scripts

Description

magento-scripts contains scripts and configuration used by Create Magento App, a zero-configuration tool-chain which allows one to deploy Magento 2. In versions 1.5.1 and 1.5.2, after changing the function from synchronous to asynchronous there wasn't implemented handler in the start, stop, exec, and logs commands, effectively making them unusable. Version 1.5.3 contains patches for the problems.

References

Link	Tags
https://github.com/scandipwa/create-magento-app/security/advisories/GHSA-52qp-gwwh-qrg4	third party advisory patch
https://github.com/scandipwa/create-magento-app/commit/89115db7031e181eb8fb4ec2822bc6cab88e7071	third party advisory patch

Frequently Asked Questions

What is the severity of CVE-2021-32684?: CVE-2021-32684 has been scored as a medium severity vulnerability.
How to fix CVE-2021-32684?: To fix CVE-2021-32684, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-32684 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2021-32684 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-32684?: CVE-2021-32684 affects scandipwa create-magento-app.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Category

CWE-670 – Always-Incorrect Control Flow Implementation

References

Frequently Asked Questions