CVE-2019-10757

Summary

knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB.

Affected Software

VendorProductVersion RangeStatus
n/aknex.jsAll versions prior to version 0.19.5affected

Weaknesses

  • SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References