Description
knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB.
Remediation
References
https://snyk.io/vuln/SNYK-JS-KNEX-471962
Related Vulnerabilities
CVE-2020-9483 Vulnerability in maven package org.apache.skywalking:oap-server
CVE-2022-0144 Vulnerability in npm package shelljs
CVE-2022-0437 Vulnerability in npm package karma
CVE-2022-0853 Vulnerability in maven package jboss:jboss-client
CVE-2022-31129 Vulnerability in maven package org.webjars.bower:moment