Critical severity 9.8 · NVD Advisory · Published Oct 8, 2019 · Updated Jun 17, 2026
CVE-2019-10757
Description
knex.js versions before 0.19.5 are vulnerable to SQL injection. The MSSQL dialect escapes identifiers incorrectly, allowing attackers to craft a malicious query against the host DB.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| knex (npm) | < 0.19.5 | 0.19.5 |
Affected products (2)
- knex.js/knex.js (description)
References (3)
- snyk.io/vuln/SNYK-JS-KNEX-471962 (nvd: Exploit, Third Party Advisory, WEB)
- github.com/advisories/GHSA-58v4-qwx5-7f59 (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2019-10757 (ghsa: ADVISORY)