CVE-2021-21414 - Unspecified vulnerability in Prisma
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: HIGH
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: HIGH

Summary
Prisma is an open source ORM for Node.js & TypeScript. As of today, we are not aware of any Prisma users or external consumers of the `@prisma/sdk` package who are affected by this security vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. It only affects the `getPackedPackage` function, and this function is not advertised and only used for tests & building our CLI. No malicious code was found after checking our codebase.
References
- https://github.com/prisma/prisma/pull/6245
- https://github.com/prisma/prisma/security/advisories/GHSA-pxcc-hj8w-fmm7
- https://security.netapp.com/advisory/ntap-20210618-0003/