CVE-2016-20018
HIGH 7.5 | EPSS 0.11%
Knex.js has a limited SQL injection vulnerability
Published: 2022/12/19 | Modified: 2023/11/8
Description
Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query. This vulnerability has been fixed in version 2.4.0.
Affected packages (1)
- npm/knex: from 0, < 2.4.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
References (7)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2016-20018
- PATCH: https://github.com/knex/knex
- WEB: https://github.com/knex/knex/commit/e145322da92749be7749f9ade5b5f5a66d6586a4
- WEB: https://github.com/knex/knex/issues/1227
- WEB: https://github.com/knex/knex/pull/5417
- WEB: https://github.com/knex/knex/releases/tag/2.4.0
- WEB: https://www.ghostccamm.com/blog/knex_sqli