CVE-2019-10757

knex.js versions before 0.19.5 are vulnerable to SQL injection. The MSSQL dialect escapes identifiers incorrectly, allowing attackers to craft a malicious query to the host DB.

Published: 2019-10-08 20:15
Updated: 2019-10-15 14:30

CVSS Score: 7.5 / 10
Vendor Product Version URI
Knexjs Knex 0 cpe:/a:knexjs:knex:0::~~~node.js~~
Knexjs Knex 0.1.0 cpe:/a:knexjs:knex:0.1.0::~~~node.js~~
Knexjs Knex 0.1.1 cpe:/a:knexjs:knex:0.1.1::~~~node.js~~
Knexjs Knex 0.1.2 cpe:/a:knexjs:knex:0.1.2::~~~node.js~~
Knexjs Knex 0.1.3 cpe:/a:knexjs:knex:0.1.3::~~~node.js~~
Knexjs Knex 0.1.4 cpe:/a:knexjs:knex:0.1.4::~~~node.js~~
Knexjs Knex 0.1.5 cpe:/a:knexjs:knex:0.1.5::~~~node.js~~
Knexjs Knex 0.1.6 cpe:/a:knexjs:knex:0.1.6::~~~node.js~~
Knexjs Knex 0.1.7 cpe:/a:knexjs:knex:0.1.7::~~~node.js~~
Knexjs Knex 0.1.8 cpe:/a:knexjs:knex:0.1.8::~~~node.js~~
Knexjs Knex 0.2.0 cpe:/a:knexjs:knex:0.2.0::~~~node.js~~
Knexjs Knex 0.2.1 cpe:/a:knexjs:knex:0.2.1::~~~node.js~~
Knexjs Knex 0.2.2 cpe:/a:knexjs:knex:0.2.2::~~~node.js~~
Knexjs Knex 0.2.3 cpe:/a:knexjs:knex:0.2.3::~~~node.js~~
Knexjs Knex 0.2.4 cpe:/a:knexjs:knex:0.2.4::~~~node.js~~
Knexjs Knex 0.2.5 cpe:/a:knexjs:knex:0.2.5::~~~node.js~~
Knexjs Knex 0.2.6 cpe:/a:knexjs:knex:0.2.6::~~~node.js~~
Knexjs Knex 0.4.0 cpe:/a:knexjs:knex:0.4.0::~~~node.js~~
Knexjs Knex 0.4.1 cpe:/a:knexjs:knex:0.4.1::~~~node.js~~
Knexjs Knex 0.4.2 cpe:/a:knexjs:knex:0.4.2::~~~node.js~~
Knexjs Knex 0.4.3 cpe:/a:knexjs:knex:0.4.3::~~~node.js~~
Knexjs Knex 0.4.4 cpe:/a:knexjs:knex:0.4.4::~~~node.js~~
Knexjs Knex 0.4.5 cpe:/a:knexjs:knex:0.4.5::~~~node.js~~
Knexjs Knex 0.4.6 cpe:/a:knexjs:knex:0.4.6::~~~node.js~~
Knexjs Knex 0.4.7 cpe:/a:knexjs:knex:0.4.7::~~~node.js~~
Knexjs Knex 0.4.8 cpe:/a:knexjs:knex:0.4.8::~~~node.js~~
Knexjs Knex 0.4.9 cpe:/a:knexjs:knex:0.4.9::~~~node.js~~
Knexjs Knex 0.4.10 cpe:/a:knexjs:knex:0.4.10::~~~node.js~~
Knexjs Knex 0.4.11 cpe:/a:knexjs:knex:0.4.11::~~~node.js~~
Knexjs Knex 0.4.12 cpe:/a:knexjs:knex:0.4.12::~~~node.js~~
Knexjs Knex 0.4.13 cpe:/a:knexjs:knex:0.4.13::~~~node.js~~
Knexjs Knex 0.5.0 cpe:/a:knexjs:knex:0.5.0::~~~node.js~~
Knexjs Knex 0.5.1 cpe:/a:knexjs:knex:0.5.1::~~~node.js~~
Knexjs Knex 0.5.2 cpe:/a:knexjs:knex:0.5.2::~~~node.js~~
Knexjs Knex 0.5.3 cpe:/a:knexjs:knex:0.5.3::~~~node.js~~
Knexjs Knex 0.5.4 cpe:/a:knexjs:knex:0.5.4::~~~node.js~~
Knexjs Knex 0.5.5 cpe:/a:knexjs:knex:0.5.5::~~~node.js~~
Knexjs Knex 0.5.6 cpe:/a:knexjs:knex:0.5.6::~~~node.js~~
Knexjs Knex 0.5.7 cpe:/a:knexjs:knex:0.5.7::~~~node.js~~
Knexjs Knex 0.5.8 cpe:/a:knexjs:knex:0.5.8::~~~node.js~~
Knexjs Knex 0.5.9 cpe:/a:knexjs:knex:0.5.9::~~~node.js~~
Knexjs Knex 0.5.10 cpe:/a:knexjs:knex:0.5.10::~~~node.js~~
Knexjs Knex 0.5.11 cpe:/a:knexjs:knex:0.5.11::~~~node.js~~
Knexjs Knex 0.5.12 cpe:/a:knexjs:knex:0.5.12::~~~node.js~~
Knexjs Knex 0.5.13 cpe:/a:knexjs:knex:0.5.13::~~~node.js~~
Knexjs Knex 0.5.14 cpe:/a:knexjs:knex:0.5.14::~~~node.js~~
Knexjs Knex 0.5.15 cpe:/a:knexjs:knex:0.5.15::~~~node.js~~
Knexjs Knex 0.6.0 cpe:/a:knexjs:knex:0.6.0::~~~node.js~~
Knexjs Knex 0.6.1 cpe:/a:knexjs:knex:0.6.1::~~~node.js~~
Knexjs Knex 0.6.2 cpe:/a:knexjs:knex:0.6.2::~~~node.js~~
Knexjs Knex 0.6.3 cpe:/a:knexjs:knex:0.6.3::~~~node.js~~
Knexjs Knex 0.6.4 cpe:/a:knexjs:knex:0.6.4::~~~node.js~~
Knexjs Knex 0.6.5 cpe:/a:knexjs:knex:0.6.5::~~~node.js~~
Knexjs Knex 0.6.6 cpe:/a:knexjs:knex:0.6.6::~~~node.js~~
Knexjs Knex 0.6.7 cpe:/a:knexjs:knex:0.6.7::~~~node.js~~
Knexjs Knex 0.6.8 cpe:/a:knexjs:knex:0.6.8::~~~node.js~~
Knexjs Knex 0.6.9 cpe:/a:knexjs:knex:0.6.9::~~~node.js~~
Knexjs Knex 0.6.10 cpe:/a:knexjs:knex:0.6.10::~~~node.js~~
Knexjs Knex 0.6.11 cpe:/a:knexjs:knex:0.6.11::~~~node.js~~
Knexjs Knex 0.6.12 cpe:/a:knexjs:knex:0.6.12::~~~node.js~~
Knexjs Knex 0.6.13 cpe:/a:knexjs:knex:0.6.13::~~~node.js~~
Knexjs Knex 0.6.14 cpe:/a:knexjs:knex:0.6.14::~~~node.js~~
Knexjs Knex 0.6.15 cpe:/a:knexjs:knex:0.6.15::~~~node.js~~
Knexjs Knex 0.6.16 cpe:/a:knexjs:knex:0.6.16::~~~node.js~~
Knexjs Knex 0.6.17 cpe:/a:knexjs:knex:0.6.17::~~~node.js~~
Knexjs Knex 0.6.18 cpe:/a:knexjs:knex:0.6.18::~~~node.js~~
Knexjs Knex 0.6.19 cpe:/a:knexjs:knex:0.6.19::~~~node.js~~
Knexjs Knex 0.6.20 cpe:/a:knexjs:knex:0.6.20::~~~node.js~~
Knexjs Knex 0.6.21 cpe:/a:knexjs:knex:0.6.21::~~~node.js~~
Knexjs Knex 0.6.22 cpe:/a:knexjs:knex:0.6.22::~~~node.js~~
Knexjs Knex 0.6.23 cpe:/a:knexjs:knex:0.6.23::~~~node.js~~
Knexjs Knex 0.7.0 cpe:/a:knexjs:knex:0.7.0::~~~node.js~~
Knexjs Knex 0.7.1 cpe:/a:knexjs:knex:0.7.1::~~~node.js~~
Knexjs Knex 0.7.2 cpe:/a:knexjs:knex:0.7.2::~~~node.js~~
Knexjs Knex 0.7.3 cpe:/a:knexjs:knex:0.7.3::~~~node.js~~
Knexjs Knex 0.7.4 cpe:/a:knexjs:knex:0.7.4::~~~node.js~~
Knexjs Knex 0.7.5 cpe:/a:knexjs:knex:0.7.5::~~~node.js~~
Knexjs Knex 0.7.6 cpe:/a:knexjs:knex:0.7.6::~~~node.js~~
Knexjs Knex 0.8.0 cpe:/a:knexjs:knex:0.8.0::~~~node.js~~
Knexjs Knex 0.8.1 cpe:/a:knexjs:knex:0.8.1::~~~node.js~~
Knexjs Knex 0.8.2 cpe:/a:knexjs:knex:0.8.2::~~~node.js~~
Knexjs Knex 0.8.3 cpe:/a:knexjs:knex:0.8.3::~~~node.js~~
Knexjs Knex 0.8.4 cpe:/a:knexjs:knex:0.8.4::~~~node.js~~
Knexjs Knex 0.8.5 cpe:/a:knexjs:knex:0.8.5::~~~node.js~~
Knexjs Knex 0.8.6 cpe:/a:knexjs:knex:0.8.6::~~~node.js~~
Knexjs Knex 0.9.0 cpe:/a:knexjs:knex:0.9.0::~~~node.js~~
Knexjs Knex 0.10.0 cpe:/a:knexjs:knex:0.10.0::~~~node.js~~
Knexjs Knex 0.11.0 cpe:/a:knexjs:knex:0.11.0::~~~node.js~~
Knexjs Knex 0.11.1 cpe:/a:knexjs:knex:0.11.1::~~~node.js~~
Knexjs Knex 0.11.2 cpe:/a:knexjs:knex:0.11.2::~~~node.js~~
Knexjs Knex 0.11.3 cpe:/a:knexjs:knex:0.11.3::~~~node.js~~
Knexjs Knex 0.11.4 cpe:/a:knexjs:knex:0.11.4::~~~node.js~~
Knexjs Knex 0.11.5 cpe:/a:knexjs:knex:0.11.5::~~~node.js~~
Knexjs Knex 0.11.6 cpe:/a:knexjs:knex:0.11.6::~~~node.js~~
Knexjs Knex 0.11.7 cpe:/a:knexjs:knex:0.11.7::~~~node.js~~
Knexjs Knex 0.11.8 cpe:/a:knexjs:knex:0.11.8::~~~node.js~~
Knexjs Knex 0.11.9 cpe:/a:knexjs:knex:0.11.9::~~~node.js~~
Knexjs Knex 0.11.10 cpe:/a:knexjs:knex:0.11.10::~~~node.js~~
Knexjs Knex 0.12.0 cpe:/a:knexjs:knex:0.12.0::~~~node.js~~
Knexjs Knex 0.12.1 cpe:/a:knexjs:knex:0.12.1::~~~node.js~~
Knexjs Knex 0.12.2 cpe:/a:knexjs:knex:0.12.2::~~~node.js~~
Knexjs Knex 0.12.3 cpe:/a:knexjs:knex:0.12.3::~~~node.js~~
Knexjs Knex 0.12.4 cpe:/a:knexjs:knex:0.12.4::~~~node.js~~
Knexjs Knex 0.12.5 cpe:/a:knexjs:knex:0.12.5::~~~node.js~~
Knexjs Knex 0.12.6 cpe:/a:knexjs:knex:0.12.6::~~~node.js~~
Knexjs Knex 0.12.7 cpe:/a:knexjs:knex:0.12.7::~~~node.js~~
Knexjs Knex 0.12.8 cpe:/a:knexjs:knex:0.12.8::~~~node.js~~
Knexjs Knex 0.12.9 cpe:/a:knexjs:knex:0.12.9::~~~node.js~~
Knexjs Knex 0.13.0 cpe:/a:knexjs:knex:0.13.0::~~~node.js~~
Knexjs Knex 0.14.0 cpe:/a:knexjs:knex:0.14.0::~~~node.js~~
Knexjs Knex 0.14.1 cpe:/a:knexjs:knex:0.14.1::~~~node.js~~
Knexjs Knex 0.14.3 cpe:/a:knexjs:knex:0.14.3::~~~node.js~~
Knexjs Knex 0.14.4 cpe:/a:knexjs:knex:0.14.4::~~~node.js~~
Knexjs Knex 0.14.5 cpe:/a:knexjs:knex:0.14.5::~~~node.js~~
Knexjs Knex 0.14.6 cpe:/a:knexjs:knex:0.14.6::~~~node.js~~
Knexjs Knex 0.15.0 cpe:/a:knexjs:knex:0.15.0::~~~node.js~~
Knexjs Knex 0.15.2 cpe:/a:knexjs:knex:0.15.2::~~~node.js~~
Knexjs Knex 0.16.0 cpe:/a:knexjs:knex:0.16.0::~~~node.js~~
Knexjs Knex 0.16.1 cpe:/a:knexjs:knex:0.16.1::~~~node.js~~
Knexjs Knex 0.16.3 cpe:/a:knexjs:knex:0.16.3::~~~node.js~~
Knexjs Knex 0.16.4 cpe:/a:knexjs:knex:0.16.4::~~~node.js~~
Knexjs Knex 0.16.5 cpe:/a:knexjs:knex:0.16.5::~~~node.js~~
Knexjs Knex 0.16.6 cpe:/a:knexjs:knex:0.16.6::~~~node.js~~
Knexjs Knex 0.16.7 cpe:/a:knexjs:knex:0.16.7::~~~node.js~~
Knexjs Knex 0.17.0 cpe:/a:knexjs:knex:0.17.0::~~~node.js~~
Knexjs Knex 0.17.2 cpe:/a:knexjs:knex:0.17.2::~~~node.js~~
Knexjs Knex 0.18.4 cpe:/a:knexjs:knex:0.18.4::~~~node.js~~
Knexjs Knex 0.19.0 cpe:/a:knexjs:knex:0.19.0::~~~node.js~~
Knexjs Knex 0.19.3 cpe:/a:knexjs:knex:0.19.3::~~~node.js~~

CWE

ID: CWE-89
Name: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description: The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

History of changes

Date Event
2019-10-15 14:30
2019-10-08 20:30 New CVE