2 matches found
GHSA-58V4-QWX5-7F59 SQL Injection in knex
knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB...
SQL Injection
Overview knex is a query builder for PostgreSQL, MySQL and SQLite3 Affected versions of this package are vulnerable to SQL Injection. None Remediation Upgrade knex to version 0.19.5 or higher. References - GitHub Commit - GitHub PR Credit: Snyk Security Research Team...