Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTUycXAtZ3d3aC1xcmc0
Missing Handler in @scandipwa/magento-scripts
Impact
After the function was changed from synchronous to asynchronous, no handler was implemented in the start, stop, exec and logs commands, effectively making them unusable.
Patches
Version 1.5.3 contains patches for the problems described above.
Workarounds
Upgrade to the patched or latest (recommended) version:
npm i @scandipwa/magento-scripts@1.5.3
or
npm i @scandipwa/magento-scripts@latest
References
New releases are always available here: https://github.com/scandipwa/create-magento-app/releases
For more information
If you have any questions or comments about this advisory:
- Open an issue in create-magento-app
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTUycXAtZ3d3aC1xcmc0
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 3 years ago
Updated: over 1 year ago
CVSS Score: 6.2
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-52qp-gwwh-qrg4, CVE-2021-32684
References:
- https://github.com/scandipwa/create-magento-app/security/advisories/GHSA-52qp-gwwh-qrg4
- https://nvd.nist.gov/vuln/detail/CVE-2021-32684
- https://github.com/scandipwa/create-magento-app/commit/89115db7031e181eb8fb4ec2822bc6cab88e7071
- https://github.com/advisories/GHSA-52qp-gwwh-qrg4
Blast Radius: 7.5
Affected Packages
npm:@scandipwa/magento-scripts
Dependent packages: 2
Dependent repositories: 16
Downloads: 1,633 last month
Affected Version Ranges: >= 1.5.1, < 1.5.3
Fixed in: 1.5.3
All affected versions: 1.5.1, 1.5.2
All unaffected versions: 0.0.1, 0.0.2, 0.2.0, 0.2.1, 0.2.2, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.2.0, 1.2.1, 1.2.2, 1.3.0, 1.3.1, 1.3.2, 1.4.0, 1.4.1, 1.5.0, 1.5.3, 1.6.0, 1.6.1, 1.7.0, 1.8.0, 1.8.1, 1.9.0, 1.9.1, 1.10.0, 1.11.0, 1.11.1, 1.11.2, 1.11.3, 1.12.0, 1.12.1, 1.12.2, 1.13.0, 1.13.1, 1.13.2, 1.13.3, 1.13.4, 1.14.0, 1.15.0, 1.15.1, 1.15.2, 1.15.3, 1.15.4, 1.15.5, 1.15.6, 1.15.7, 1.16.0, 1.16.1, 1.17.0, 1.17.1, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.3.0, 2.3.1