Description
knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB.
Remediation
References
https://snyk.io/vuln/SNYK-JS-KNEX-471962
Related Vulnerabilities
CVE-2023-4863 Vulnerability in npm package electron
CVE-2021-39132 Vulnerability in maven package org.rundeck:rundeck-core
CVE-2023-29215 Vulnerability in maven package org.apache.linkis:linkis-common
CVE-2020-6428 Vulnerability in npm package electron
CVE-2020-26296 Vulnerability in maven package org.webjars.bowergithub.vega:vega