knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB.
References
Link | Resource |
---|---|
https://snyk.io/vuln/SNYK-JS-KNEX-471962 | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2019-10-08 20:15
Updated : 2023-12-10 13:13
NVD link : CVE-2019-10757
Mitre link : CVE-2019-10757
CVE.ORG link : CVE-2019-10757
JSON object : View
Products Affected
knexjs
- knex
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')