Description
knex.js versions before 0.19.5 are vulnerable to SQL injection. The MSSQL dialect escapes identifiers incorrectly, allowing an attacker to craft a malicious query against the host database.
Remediation
References
https://snyk.io/vuln/SNYK-JS-KNEX-471962
Related Vulnerabilities
CVE-2022-21169 Vulnerability in npm package express-xss-sanitizer
CVE-2021-32696 Vulnerability in npm package striptags
CVE-2020-7699 Vulnerability in npm package express-fileupload
CVE-2023-26117 Vulnerability in npm package angular
CVE-2022-1330 Vulnerability in maven package org.webjars.bowergithub.alvarotrigo:fullpage.js