Description
knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB.
Remediation
References
https://snyk.io/vuln/SNYK-JS-KNEX-471962
Related Vulnerabilities
CVE-2018-16474 Vulnerability in npm package tianma-static
CVE-2021-21119 Vulnerability in maven package org.webjars.npm:electron
CVE-2020-7682 Vulnerability in npm package marked-tree
CVE-2020-36604 Vulnerability in npm package @hapi/hoek
CVE-2020-36049 Vulnerability in maven package org.webjars.npm:socket.io-parser