Описание
SQL Injection in knex
knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB.
Пакеты
Наименование
knex
npm
Затронутые версииВерсия исправления
< 0.19.5
0.19.5
Связанные уязвимости
CVSS3: 9.8
nvd
больше 6 лет назад
knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB.