Description
Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query.
Remediation
References
https://www.ghostccamm.com/blog/knex_sqli/
https://github.com/knex/knex/issues/1227
https://nvd.nist.gov/vuln/detail/CVE-2016-20018