CVE-2021-32684

CVE-2021-32684 is a medium-severity vulnerability in Scandipwa Magento-scripts with a CVSS 3.x base score of 6.2. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-670.

Key facts

Description

magento-scripts contains scripts and configuration used by Create Magento App, a zero-configuration tool-chain which allows one to deploy Magento 2. In versions 1.5.1 and 1.5.2, after changing the function from synchronous to asynchronous there wasn't implemented handler in the start, stop, exec, and logs commands, effectively making them unusable. Version 1.5.3 contains patches for the problems.

Frequently asked questions

What is CVE-2021-32684?
magento-scripts contains scripts and configuration used by Create Magento App, a zero-configuration tool-chain which allows one to deploy Magento 2. In versions 1.5.1 and 1.5.2, after changing the function from synchronous to asynchronous there wasn't implemented handler in the start, stop, exec, and logs commands, effectively making them unusable. Version 1.5.3 contains patches for the problems.
How severe is CVE-2021-32684?
CVE-2021-32684 has a CVSS 3.x base score of 6.2, rated medium severity. It is exploitable over local access with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability high.
Is CVE-2021-32684 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (49th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2021-32684?
CVE-2021-32684 primarily affects Scandipwa Magento-scripts. In total, 2 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
How do I fix CVE-2021-32684?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
When was CVE-2021-32684 published?
CVE-2021-32684 was published on 2021-06-14 and last updated on 2026-06-17.

References

Affected products (2)

Other CWE-670 vulnerabilities

Browse all CWE-670 vulnerabilities →