530 matches found
CVE-2021-3040
Summary: CVE-2021-3040 describes an unsafe deserialization vulnerability in Bridgecrew Checkov (Prisma Cloud) that enables arbitrary code execution when processing a malicious Terraform file. The issue affects Checkov 2.0 versions earlier than 2.0.139; Checkov 1.0 is not affected. Affected softwa...
CVE-2021-3040 Bridgecrew Checkov: Unsafe deserialization of Terraform files allows code execution
An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.139. Checkov 1.0 versions are not impacted...
CVE-2021-3039
CVE-2021-3039 affects Palo Alto Networks Prisma Cloud Compute Console. The issue is an information exposure where a secret used to authorize the authenticated user’s role is logged to a debug log file, enabling an authenticated Operator or Auditor with log access to potentially elevate to Adminis...
Prisma Cloud Compute: User role authorization secret for Console leaked through log file export
An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log...
Bridgecrew Checkov: Unsafe deserialization of Terraform files allows code execution
An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.139. Checkov 1.0 versions are not impacted. Work around: Do not run Checkov on...
Palo Alto Networks Prisma Cloud 日志信息泄露漏洞
Palo Alto Networks Prisma Cloud is a comprehensive cloud-native security platform from US-based Palo Alto Networks, Inc. provides cloud security services. Palo Alto Networks Prisma Cloud Compute suffers from a log information disclosure vulnerability that originates when a secret used to authoriz...
CVE-2021-21415
Prisma VS Code a VSCode extension for Prisma schema files. This is a Remote Code Execution Vulnerability that affects all versions of the Prisma VS Code extension older than 2.20.0. If a custom binary path for the Prisma format binary is set in VS Code Settings, for example by downloading a proje...
CVE-2021-21415
Prisma VS Code a VSCode extension for Prisma schema files. This is a Remote Code Execution Vulnerability that affects all versions of the Prisma VS Code extension older than 2.20.0. If a custom binary path for the Prisma format binary is set in VS Code Settings, for example by downloading a proje...
Remote code execution
Prisma VS Code a VSCode extension for Prisma schema files. This is a Remote Code Execution Vulnerability that affects all versions of the Prisma VS Code extension older than 2.20.0. If a custom binary path for the Prisma format binary is set in VS Code Settings, for example by downloading a proje...
CVE-2021-21415 Visual Studio Code Prisma Extension Remote Code Execution Vulnerability
Prisma VS Code a VSCode extension for Prisma schema files. This is a Remote Code Execution Vulnerability that affects all versions of the Prisma VS Code extension older than 2.20.0. If a custom binary path for the Prisma format binary is set in VS Code Settings, for example by downloading a proje...
CVE-2021-21415
CVE-2021-21415 concerns the Prisma VS Code extension for Prisma schema files. The vulnerability allows remote code execution when a user has a custom binary path for the Prisma format binary (for example via .vscode/settings.json with prismaFmtBinPath). This binary is executed during auto-formatt...
CVE-2021-21414
Prisma is an open source ORM for Node.js & TypeScript. As of today, we are not aware of any Prisma users or external consumers of the @prisma/sdk package who are affected by this security vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable...
CVE-2021-21414
Prisma is an open source ORM for Node.js & TypeScript. As of today, we are not aware of any Prisma users or external consumers of the @prisma/sdk package who are affected by this security vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable...
Remote code execution
Prisma is an open source ORM for Node.js & TypeScript. As of today, we are not aware of any Prisma users or external consumers of the @prisma/sdk package who are affected by this security vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable...
CVE-2021-21414 Command injection vulnerability in @prisma/sdk in getPackedPackage function
Prisma is an open source ORM for Node.js & TypeScript. As of today, we are not aware of any Prisma users or external consumers of the @prisma/sdk package who are affected by this security vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable...
CVE-2021-21414
The CVE-2021-21414 entry concerns Prisma’s @prisma/sdk, specifically the getPackedPackage function, where untrusted input could lead to OS command injection and remote code execution. The vulnerability was identified across multiple records and is mitigated by patches in @prisma/sdk version 2.20....
Prisma VS Code extension 安全漏洞
Prisma VS Code extension is a code extension that can perform syntax highlighting, formatting, renaming, quick fixes, etc. for prisma files. A security vulnerability exists in Prisma VS Code extension, which can be exploited for remote code execution...
PT-2021-14490 · Prisma · Prisma Vs Code
Name of the Vulnerable Software and Affected Versions: Prisma VS Code versions prior to 2.20.0 Description: This issue is a Remote Code Execution vulnerability. It affects the Prisma VS Code extension when a custom binary path for the Prisma format binary is set in VS Code Settings, for example,...
Prisma 操作系统命令注入漏洞
Prism is an application from the US-based individual developers of Prism. It is a lightweight, extensible syntax highlighting tool. Prisma suffers from an operating system command injection vulnerability that can be exploited by an attacker to cause remote code execution...
CVE-2021-3035
An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.26. Checkov 1.0 versions are not impacted...