4 matches found
63pokupki-nodejs-common (=0.0.2), @63pokupki/nodejs-common (>=0.0.2 <=0.0.85) +1209 more potentially affected by CVE-2019-10757 via knex (>=0.10.0 <=0.19.4)
knex NPM version =0.10.0, =0.0.2, =1.0.10, =0.0.1, =4.0.0, =0.0.1, =0.1.0, =0.0.1, =0.2.0, =0.1.0, =0.1.1, =0.5.0 and more Source cves: CVE-2019-10757 Source advisory: OSV:GHSA-58V4-QWX5-7F59...
CVE-2019-10757
CVE-2019-10757 affects knex.js versions before 0.19.5. The root cause is that identifiers are escaped incorrectly in the MSSQL dialect, enabling an attacker to craft a malicious query to the host database (SQL Injection). Impact is described as vulnerable to SQL injection; mitigation provided in ...
CVE-2019-10757
knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB...
63pokupki-nodejs-common (=0.0.2), @63pokupki/nodejs-common (>=0.0.2 <=0.0.85) +1209 more potentially affected by CVE-2019-10757 via knex (>=0.10.0 <=0.19.4)
knex NPM version =0.10.0, =0.0.2, =1.0.10, =0.0.1, =4.0.0, =0.0.1, =0.1.0, =0.0.1, =0.2.0, =0.1.0, =0.1.1, =0.5.0 and more Source cves: CVE-2019-10757 Source advisory: SNYK:JS-KNEX-471962...