4 matches found
CVE-2021-21414
Prisma is an open source ORM for Node.js & TypeScript. As of today, we are not aware of any Prisma users or external consumers of the @prisma/sdk package who are affected by this security vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable...
OS Command Injection
@prisma/sdk is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary code on the host OS by sending a malicious command via the function getPackedPackage...
Command injection vulnerability in @prisma/sdk in getPackedPackage function
Impact: As of today, we are not aware of any Prisma users or external consumers of the @prisma/sdk package who are affected by this security vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. It only affects the...
@bifot/adapter-knex (=12.0.2), @blitzjs/cli (>=0.25.0 <=0.45.2-danger.c8bb361b5.1) +85 more potentially affected by CVE-2021-21414 via @prisma/sdk (>=0.0.10 <=2.19.0)
@prisma/sdk NPM version =0.0.10, =0.25.0, =0.35.0, =0.0.1, =0.0.1, =0.0.4, =0.0.6, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1 - @keystonejs-contrib/fields-editorjs =0.1.1 and more. Source CVEs: CVE-2021-21414. Source advisory: OSV:GHSA-PXCC-HJ8W-FMM7...