CVE-2019-10757 Vulnerability in npm package knex

Description

knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB.

Remediation

References

https://snyk.io/vuln/SNYK-JS-KNEX-471962

Related Vulnerabilities

CVE-2017-16134 Vulnerability in npm package http_static_simple

CVE-2021-27290 Vulnerability in maven package org.webjars.npm:ssri

CVE-2022-1365 Vulnerability in npm package cross-fetch

CVE-2021-3803 Vulnerability in npm package nth-check

CVE-2020-16041 Vulnerability in maven package org.webjars.npm:electron

Severity

Critical

Classification

CWE-89 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H