VYPR
Critical severity 9.8 · NVD Advisory · Published Oct 8, 2019 · Updated Jun 17, 2026

CVE-2019-10757

Description

knex.js versions before 0.19.5 are vulnerable to SQL injection. Identifiers are escaped incorrectly in the MSSQL dialect, allowing attackers to craft a malicious query against the host DB.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package       Affected versions   Patched versions
knex (npm)    < 0.19.5            0.19.5

Affected products

2
  • knex.js/knex.js (description)
  • ghsa-coords
    Range: < 0.19.5
