npm package
knex
pkg:npm/knex
Vulnerabilities (2)
| CVE | Severity | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-20018 | High | 7.5 | | < 2.4.0 | 2.4.0 | Dec 19, 2022 | Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query. |
| CVE-2019-10757 | Critical | 9.8 | | < 0.19.5 | 0.19.5 | Oct 8, 2019 | knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB. |