CVE-2016-20018: Knex.js has a limited SQL injection vulnerability
7.5
CVSS Score
3.1
Basic Information
CVE ID
GHSA ID
EPSS Score
0.51549%
CWE
Published
12/19/2022
Updated
10/2/2023
KEV Status
No
Technology
JavaScript
Technical Details
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
knex | npm | < 2.4.0 | 2.4.0 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from MySQL query compiler's handling of WHERE clause values. The patch added assertions in these two functions
to reject objects/arrays. The commit diff shows these functions
were modified to add 'assert' checks against object/array values. Prior to 2.4.0, these validation
checks were missing, allowing malicious objects/arrays to be interpreted as SQL expressions rather than parameterized values. The GHSA advisory and test cases confirm these were the entry points for SQL injection via WHERE clause manipulation.