CVE-2021-32684
Missing Handler in @scandipwa/magento-scripts
描述
### Impact After changing the function from synchronous to asynchronous there wasn't implemented handler in the [start](https://docs.create-magento-app.com/getting-started/available-commands/start), [stop](https://docs.create-magento-app.com/getting-started/available-commands/stop), [exec](https://docs.create-magento-app.com/getting-started/available-commands/exec) and [logs](https://docs.create-magento-app.com/getting-started/available-commands/logs) commands, effectively making them unusable. ### Patches [Version 1.5.3](https://github.com/scandipwa/create-magento-app/releases/tag/%40scandipwa%2Fmagento-scripts%401.5.3) contains patches for the problems described above. ### Workarounds Upgrade to patched or latest (recommended) version `npm i @scandipwa/[email protected]` or `npm i @scandipwa/magento-scripts@latest`. ### References New releases always available here: https://github.com/scandipwa/create-magento-app/releases ### For more information If you have any questions or comments about this advisory: * Open an issue in [create-magento-app](https://github.com/scandipwa/create-magento-app/issues)
如何修補 CVE-2021-32684
要修補 CVE-2021-32684,請將受影響套件升級到下列已修補版本。
- —升級至 1.5.3 或更新版本
CVE-2021-32684 正在被利用嗎?
低 — EPSS 為 0.2%,目前沒有觀察到大規模利用活動。
受影響套件(1)
- >= 1.5.1, < 1.5.3
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.2 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |