Prisma is an open source ORM for Node.js & TypeScript. As of today, we are not aware of any Prisma users or external consumers of the `@prisma/sdk` package who are affected by this security vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. It only affects the `getPackedPackage` function and this function is not advertised and only used for tests & building our CLI, no malicious code was found after checking our codebase.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2021-04-29T00:45:16

Updated: 2024-08-03T18:09:16.130Z

Reserved: 2020-12-22T00:00:00

Link: CVE-2021-21414

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-04-29T01:15:07.930

Modified: 2024-11-21T05:48:18.763

Link: CVE-2021-21414

cve-icon Redhat

No data.