Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-4jv9-3563-23j3: Knex.js has a limited SQL injection vulnerability

Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query.

ghsa
#sql#vulnerability#js#git

Knex.js has a limited SQL injection vulnerability

Moderate severity GitHub Reviewed Published Dec 19, 2022 • Updated Dec 20, 2022

Related news

CVE-2023-22494: Potential SQL Injections

a12nserver is an open source lightweight OAuth2 server. Users of a12nserver that use MySQL might be vulnerable to SQL injection bugs. If you use a12nserver and MySQL, update as soon as possible. This SQL injection bug might let an attacker obtain OAuth2 Access Tokens for users unrelated to those that permitted OAuth2 clients. The knex dependency has been updated to 2.4.0 in a12nserver 0.23.0. There are no known workarounds.

CVE-2016-20018: GhostCcamm's Cyber Misadventures

Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query.