Ecosyste.ms: Advisories

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTUycXAtZ3d3aC1xcmc0

Missing Handler in @scandipwa/magento-scripts

Impact

After changing the function from synchronous to asynchronous there wasn't implemented handler in the start, stop, exec and logs commands, effectively making them unusable.

Patches

Version 1.5.3 contains patches for the problems described above.

Workarounds

Upgrade to patched or latest (recommended) version npm i @scandipwa/[email protected] or npm i @scandipwa/magento-scripts@latest.

References

New releases always available here: https://github.com/scandipwa/create-magento-app/releases

For more information

If you have any questions or comments about this advisory:

• Open an issue in create-magento-app

Permalink: https://github.com/advisories/GHSA-52qp-gwwh-qrg4
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTUycXAtZ3d3aC1xcmc0
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 3 years ago
Updated: over 1 year ago

CVSS Score: 6.2
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Identifiers: GHSA-52qp-gwwh-qrg4, CVE-2021-32684
References:

• https://github.com/scandipwa/create-magento-app/security/advisories/GHSA-52qp-gwwh-qrg4
• https://nvd.nist.gov/vuln/detail/CVE-2021-32684
• https://github.com/scandipwa/create-magento-app/commit/89115db7031e181eb8fb4ec2822bc6cab88e7071
• https://github.com/advisories/GHSA-52qp-gwwh-qrg4

Repository: https://github.com/scandipwa/create-magento-app
Blast Radius: 7.5

Affected Packages