Home > Vulnerability Database > CVE-2021-32684

Mend.io Vulnerability Database

CVE-2021-32684

Good to know:

Date: June 14, 2021

magento-scripts contains scripts and configuration used by Create Magento App, a zero-configuration tool-chain which allows one to deploy Magento 2. In versions 1.5.1 and 1.5.2, after changing the function from synchronous to asynchronous there wasn't implemented handler in the start, stop, exec, and logs commands, effectively making them unusable. Version 1.5.3 contains patches for the problems.

Language: JS

Severity Score

5.5

Related Resources (4)

Url: https://github.com/scandipwa/create-magento-app/security/advisories/GHSA-52qp-gwwh-qrg4

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-32684

Url: https://github.com/scandipwa/create-magento-app/commit/89115db7031e181eb8fb4ec2822bc6cab88e7071

Url: https://www.mend.io/vulnerability-database/CVE-2021-32684

Severity Score

5.5

Weakness Type (CWE)

Always-Incorrect Control Flow Implementation

CWE-670

Top Fix

Upgrade Version

Upgrade to version @scandipwa/magento-scripts - 1.5.3

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-32684

Good to know:

Date: June 14, 2021

Language: JS

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?