PT-2019-12031 · Knex.Js · Knex.Js

Publicado

2019-10-08

·

Atualizado

2019-10-21

·

CVE-2019-10757

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions knex.js versions prior to 0.19.5
Description The issue concerns an SQL Injection attack due to incorrect escaping of identifiers in the MSSQL dialect. This allows attackers to craft malicious queries to the host database.
Recommendations For versions prior to 0.19.5, update to version 0.19.5 or later to resolve the issue.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2019-10757
GHSA-58V4-QWX5-7F59
SNYK-JS-KNEX-471962

Produtos afetados

Knex.Js