PT-2021-14490 · Prisma · Prisma VS Code

Ryotak · Published 2021-04-29 · Updated 2022-10-21

CVE-2021-21415

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Prisma VS Code versions prior to 2.20.0

Description: This issue is a Remote Code Execution vulnerability in the Prisma VS Code extension. The extension reads the path of the Prisma format binary from VS Code settings, including workspace settings shipped inside a repository as a .vscode/settings.json file that sets a value for prismaFmtBinPath, and executes whatever binary that path points to during auto-formatting or validation checks on *.prisma files. A repository that bundles a malicious binary together with a .vscode/settings.json pointing at it therefore gets that binary run on the machine of anyone who opens one of its *.prisma files with the extension installed; the CVSS vector reflects this (local attack vector, no privileges required, user interaction required).

Recommendations: For versions prior to 2.20.0, as a temporary workaround, inspect and edit or delete the .vscode/settings.json file of any workspace you open, and check whether the binary that prismaFmtBinPath points to is malicious and delete it. To fully resolve the issue, update to version 2.20.0 or later.

Fix

Weakness Enumeration

Code Injection

Related Identifiers

CVE-2021-21415
GHSA-4RF9-43M7-X828

Affected Products

Prisma VS Code