VYPR

npm package

knex

pkg:npm/knex

Vulnerabilities (2)

  • CVE-2016-20018 | High | Dec 19, 2022
    affected < 2.4.0 | fixed 2.4.0

    Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query.

  • CVE-2019-10757 | Critical | Oct 8, 2019
    affected < 0.19.5 | fixed 0.19.5

    Knex.js versions before 0.19.5 are vulnerable to SQL injection. Identifiers are escaped incorrectly in the MSSQL dialect, allowing attackers to craft a malicious query against the host DB.