CVE-2016-20018

Name of the Vulnerable Software and Affected Versions Knex.js versions through 2.3.0

Description The issue is a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query. This vulnerability has been fixed in version 2.4.0. Users of a12nserver that use MySQL might be vulnerable to SQL injection bugs, which could let an attacker obtain OAuth2 Access Tokens for unrelated users.

Recommendations For versions through 2.3.0, update to version 2.4.0 to resolve the issue. As a temporary workaround, consider restricting access to MySQL queries to minimize the risk of exploitation.