Description
knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB.
Remediation
References
https://snyk.io/vuln/SNYK-JS-KNEX-471962
Related Vulnerabilities
CVE-2022-24433 Vulnerability in npm package simple-git
CVE-2020-28500 Vulnerability in maven package org.webjars.npm:lodash
CVE-2021-3918 Vulnerability in npm package json-schema
CVE-2022-25914 Vulnerability in maven package com.google.cloud.tools:jib-core
CVE-2020-7743 Vulnerability in maven package org.webjars.bower:mathjs