Description
Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query.
Remediation
References
https://github.com/knex/knex/issues/1227
https://nvd.nist.gov/vuln/detail/CVE-2016-20018
https://www.ghostccamm.com/blog/knex_sqli/
Related Vulnerabilities
CVE-2021-32827 Vulnerability in maven package org.mock-server:mockserver-core
CVE-2018-6561 Vulnerability in maven package org.webjars.npm:dijit
CVE-2019-20920 Vulnerability in npm package handlebars
CVE-2016-3088 Vulnerability in maven package org.apache.activemq:activemq-fileserver
CVE-2017-17837 Vulnerability in maven package org.apache.deltaspike.modules:jsf-module-project