CVE-2021-32684

Description

### Impact After changing the function from synchronous to asynchronous there wasn't implemented handler in the [start](https://docs.create-magento-app.com/getting-started/available-commands/start), [stop](https://docs.create-magento-app.com/getting-started/available-commands/stop), [exec](https://docs.create-magento-app.com/getting-started/available-commands/exec) and [logs](https://docs.create-magento-app.com/getting-started/available-commands/logs) commands, effectively making them unusable. ### Patches [Version 1.5.3](https://github.com/scandipwa/create-magento-app/releases/tag/%40scandipwa%2Fmagento-scripts%401.5.3) contains patches for the problems described above. ### Workarounds Upgrade to patched or latest (recommended) version `npm i @scandipwa/[email protected]` or `npm i @scandipwa/magento-scripts@latest`. ### References New releases always available here: https://github.com/scandipwa/create-magento-app/releases ### For more information If you have any questions or comments about this advisory: * Open an issue in [create-magento-app](https://github.com/scandipwa/create-magento-app/issues)

How to fix CVE-2021-32684

To remediate CVE-2021-32684, upgrade the affected package to a fixed version below.

• —upgrade to 1.5.3 or later

Is CVE-2021-32684 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• >= 1.5.1, < 1.5.3

CVSS scores

References (3)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2021-32684
• WEBgithub.com/scandipwa/create-magento-app/commit/89115db7031e181eb8fb4ec2822bc6cab88e7071
• WEBgithub.com/scandipwa/create-magento-app/security/advisories/GHSA-52qp-gwwh-qrg4