CVE-2021-32684
Published: 14 June 2021
Summary
CVE-2021-32684 is a medium-severity Always-Incorrect Control Flow Implementation (CWE-670) vulnerability in Scandipwa Magento-Scripts. Its CVSS base score is 6.2 (Medium).
Operationally, ranked at the 40.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-1262
Vulnerability details
magento-scripts contains scripts and configuration used by Create Magento App, a zero-configuration tool-chain which allows one to deploy Magento 2. In versions 1.5.1 and 1.5.2, after changing the function from synchronous to asynchronous there wasn't implemented handler in the start,…
more
stop, exec, and logs commands, effectively making them unusable. Version 1.5.3 contains patches for the problems.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.