Description
knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB.
Remediation
References
https://snyk.io/vuln/SNYK-JS-KNEX-471962
Related Vulnerabilities
CVE-2020-7639 Vulnerability in npm package eivindfjeldstad-dot
CVE-2022-40664 Vulnerability in maven package org.apache.shiro:shiro-core
CVE-2023-4316 Vulnerability in npm package zod
CVE-2020-7961 Vulnerability in maven package com.liferay.portal:com.liferay.portal.impl
CVE-2023-24057 Vulnerability in maven package ca.uhn.hapi.fhir:org.hl7.fhir.r5