GitHub Advisory DatabaseGHSA-52QP-GWWH-QRG4Missing Handler in @scandipwa/magento-scripts
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
11.7%
Impact
After changing the function from synchronous to asynchronous there wasn’t implemented handler in the start, stop, exec and logs commands, effectively making them unusable.
Patches
Version 1.5.3 contains patches for the problems described above.
Workarounds
Upgrade to patched or latest (recommended) version npm i @scandipwa/[email protected] or npm i @scandipwa/magento-scripts@latest.
References
New releases always available here: https://github.com/scandipwa/create-magento-app/releases
For more information
If you have any questions or comments about this advisory:
- Open an issue in create-magento-app
| CPE | Name | Operator | Version |
|---|---|---|---|
| @scandipwa/magento-scripts | lt | 1.5.3 |
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
11.7%