Prisma is an open source ORM for Node.js & TypeScript. As of today, we are not aware of any Prisma users or external consumers of the `@prisma/sdk` package who are affected by this security vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. It only affects the `getPackedPackage` function and this function is not advertised and only used for tests & building our CLI, no malicious code was found after checking our codebase.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2021-04-29T00:45:16
Updated: 2024-08-03T18:09:16.130Z
Reserved: 2020-12-22T00:00:00
Link: CVE-2021-21414
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-04-29T01:15:07.930
Modified: 2024-11-21T05:48:18.763
Link: CVE-2021-21414
Redhat
No data.