Description
knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB.
Remediation
References
https://snyk.io/vuln/SNYK-JS-KNEX-471962
Related Vulnerabilities
CVE-2020-12648 Vulnerability in maven package org.webjars.bower:tinymce
CVE-2021-23337 Vulnerability in maven package org.webjars:lodash
CVE-2023-29215 Vulnerability in maven package org.apache.linkis:linkis-engineplugin-jdbc
CVE-2022-31159 Vulnerability in maven package com.amazonaws:aws-java-sdk-s3
CVE-2010-3863 Vulnerability in maven package org.apache.shiro:shiro-all