CVE-2019-10757
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2019-10757
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10757.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-10757
- Aliases
- Related
- Published
- 2019-10-08T20:15:11.730Z
- Modified
- 2025-11-20T10:55:21.745012Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB.
- References
Affected packages
Git / github.com/knex/knex
Affected ranges
- Type
- GIT
- Repo
- https://github.com/knex/knex
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
0,14,2
0.*
0.1.0
0.1.1
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.1.7
0.1.8
0.10.0
0.10.0-rc1
0.11.0
0.11.1
0.11.10
0.11.2
0.11.3
0.11.4
0.11.5
0.11.6
0.11.7
0.11.8
0.11.9
0.12.0
0.12.1
0.12.2
0.12.4
0.12.5
0.12.6
0.12.8
0.12.9
0.13.0
0.14.1
0.14.3
0.14.4
0.14.5
0.14.6
0.15.0
0.15.2
0.16.0
0.16.1
0.16.3
0.16.4
0.16.5
0.16.6
0.16.7
0.17.0
0.17.2
0.18.4
0.19.0
0.19.3
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.2.6
0.4.0
0.4.1
0.4.10
0.4.11
0.4.12
0.4.13
0.4.2
0.4.3
0.4.4
0.4.5
0.4.6
0.4.7
0.4.8
0.4.9
0.5.0
0.5.1
0.5.10
0.5.11
0.5.12
0.5.13
0.5.14
0.5.15
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6
0.5.8
0.5.9
0.6.0
0.6.1
0.6.10
0.6.11
0.6.12
0.6.13
0.6.14
0.6.15
0.6.16
0.6.17
0.6.18
0.6.19
0.6.2
0.6.20
0.6.21
0.6.22
0.6.3
0.6.4
0.6.5
0.6.6
0.6.7
0.6.8
0.6.9
0.7.0
0.7.1
0.7.2
0.7.3
0.8.0
0.8.1
0.8.2
0.8.3
0.8.4
0.8.5
0.8.6
0.9.0
016.*
016.5
v0.*
v0.15.1
v0.16.2