Knexjs: Security Vulnerabilities
Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-12-19
knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB.
CVSS Score
9.8
EPSS Score
0.003
Published
2019-10-08