CVE-2019-10757

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-10757
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10757.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-10757
Aliases
Related
  • SNYK-JS-KNEX-471962
Published
2019-10-08T20:15:11.730Z
Modified
2026-04-10T04:13:55.226917Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB.

References

Affected packages

Git / github.com/knex/knex

Affected ranges

Type
GIT
Repo
https://github.com/knex/knex
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
48d8c7eb59525df47812047f9a30e785f9883633
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.19.5"
        }
    ]
}

Affected versions

Other
0,14,2
0.*
0.1.0
0.1.1
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.1.7
0.1.8
0.10.0
0.10.0-rc1
0.11.0
0.11.1
0.11.10
0.11.2
0.11.3
0.11.4
0.11.5
0.11.6
0.11.7
0.11.8
0.11.9
0.12.0
0.12.1
0.12.8
0.12.9
0.13.0
0.14.1
0.14.3
0.14.4
0.14.5
0.14.6
0.15.0
0.15.2
0.16.0
0.16.1
0.16.3
0.17.0
0.17.2
0.18.4
0.19.0
0.19.3
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.2.6
0.4.0
0.4.1
0.4.10
0.4.11
0.4.2
0.4.3
0.4.4
0.4.5
0.4.6
0.4.7
0.4.8
0.4.9
0.5.0
0.5.1
0.5.2
0.6.0
0.6.1
0.6.10
0.6.11
0.6.12
0.6.13
0.6.14
0.6.15
0.6.16
0.6.17
0.6.18
0.6.19
0.6.2
0.6.20
0.6.21
0.6.22
0.6.3
0.6.4
0.6.5
0.6.6
0.6.7
0.6.8
0.6.9
0.7.0
0.7.1
0.7.2
0.7.3
0.8.0
0.8.1
0.8.2
0.8.3
0.8.4
0.8.5
0.8.6
0.9.0
v0.*
v0.15.1
v0.16.2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10757.json"