CVE-2021-21414

Summary

Prisma is an open source ORM for Node.js & TypeScript. As of today, we are not aware of any Prisma users or external consumers of the @prisma/sdk package who are affected by this security vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. It only affects the getPackedPackage function and this function is not advertised and only used for tests & building our CLI, no malicious code was found after checking our codebase.

Affected Software

VendorProductVersion RangeStatus
prismaprisma< 2.20.0affected

Weaknesses

  • CWE-78: {"CWE-78":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}

ADP Enrichment

CVE Program Container

Additional References

References