CVE-2021-21414

Source
https://cve.org/CVERecord?id=CVE-2021-21414
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21414.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-21414
Aliases
Published
2021-04-29T01:15:07.930Z
Modified
2026-03-10T23:30:05.757781050Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Prisma is an open source ORM for Node.js & TypeScript. As of today, we are not aware of any Prisma users or external consumers of the @prisma/sdk package who are affected by this security vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. It only affects the getPackedPackage function, which is not advertised and is only used for tests & building our CLI. No malicious code was found after checking our codebase.

References

Affected packages

Git / github.com/prisma/prisma

Affected ranges

Type
GIT
Repo
https://github.com/prisma/prisma
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.20.0"
        }
    ]
}

Affected versions

2.*
2.0.0
2.0.0-beta.1
2.0.0-beta.2
2.0.0-beta.3
2.0.0-beta.4
2.0.0-beta.5
2.0.0-beta.6
2.0.0-beta.7
2.0.0-beta.8
2.0.0-beta.9
2.0.0-preview-1
2.0.0-preview-10
2.0.0-preview-11
2.0.0-preview-12
2.0.0-preview-13
2.0.0-preview-13.1
2.0.0-preview-13.2
2.0.0-preview-2
2.0.0-preview-3
2.0.0-preview-3.1
2.0.0-preview-3.2
2.0.0-preview-5
2.0.0-preview-6
2.0.0-preview-6.1
2.0.0-preview-7
2.0.0-preview-8
2.0.0-preview-9
2.0.0-preview-9.1
2.0.0-preview013.3
2.0.0-preview014
2.0.0-preview014.1
2.0.0-preview014.2
2.0.0-preview015
2.0.0-preview016
2.0.0-preview016.1
2.0.0-preview016.2
2.0.0-preview017
2.0.0-preview017.1
2.0.0-preview017.2
2.0.0-preview018
2.0.0-preview018.1
2.0.0-preview018.2
2.0.0-preview019
2.0.0-preview020
2.0.0-preview020.1
2.0.0-preview020.2
2.0.0-preview020.3
2.0.0-preview021
2.0.0-preview022
2.0.0-preview023
2.0.0-preview024
2.0.0-preview025
2.0.1
2.1.0
2.1.1
2.1.2
2.1.3
2.10.0
2.10.1
2.10.2
2.11.0
2.12.0
2.12.1
2.13.0
2.13.1
2.14.0
2.15.0
2.16.0
2.16.1
2.17.0
2.18.0
2.19.0
2.2.0
2.3.0
2.4.0
2.4.1
2.5.0
2.5.1
2.6.0
2.6.1
2.6.2
2.7.0
2.7.1
2.8.0
2.8.1
2.9.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21414.json"