
CVE-2019-10757: SQL Injection in knex

CVSS Score (v3.1): 9.8

Basic Information

EPSS Score: 0.51103%
Published: 10/21/2019
Updated: 2/1/2023
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package Name: knex
Ecosystem: npm
Vulnerable Versions: < 0.19.5
First Patched Version: 0.19.5

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from improper identifier escaping in the MSSQL dialect. The key change in commit 988fb24 modifies the `wrapIdentifierImpl` method in the MSSQL client implementation: the patch replaces the original, insufficient escaping regex with one that strips out the `[`, `]` and `'` characters, directly addressing the SQL injection vector. This method wraps column and table identifiers in square brackets during query construction, which makes it the primary vulnerable function, the one that would process malicious input during exploitation. Other changes in the commit appear to be test additions or unrelated code style fixes.
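A minimal sketch of the bracket-wrapping issue described above, added here as an illustration and not taken from knex or the referenced commit. The function names, the simplified unpatched wrapper and the sample identifiers are assumptions constructed for this example.

```javascript
// Added illustration with hypothetical names; this is not knex source code.

// Simplified "before" shape: brackets are added, but "]" is not neutralized.
function wrapIdentifierNaive(value) {
  return value !== '*' ? `[${value}]` : '*';
}

// "After" shape as the analysis describes it: drop [, ] and ' before wrapping.
function wrapIdentifierStripped(value) {
  return value !== '*' ? `[${value.replace(/[[\]']+/g, '')}]` : '*';
}

// True only when `sql` is exactly one T-SQL bracket-delimited identifier.
// Inside brackets a literal "]" must be doubled ("]]"); a lone "]" ends the
// identifier, so anything after it is parsed as SQL.
function isSingleBracketedIdentifier(sql) {
  if (sql.length < 3 || !sql.startsWith('[') || !sql.endsWith(']')) return false;
  const inner = sql.slice(1, -1);
  for (let i = 0; i < inner.length; i++) {
    if (inner[i] !== ']') continue;
    if (inner[i + 1] !== ']') return false; // lone "]" closes the identifier early
    i++; // skip the second half of an escaped "]]"
  }
  return true;
}

// Constructed sample identifiers, as they might arrive from a request parameter.
const SAMPLES = ['title', 'order id', "o'brien[x]", 'title] AS x --'];

// Run both wrappers over the samples and record whether each output is still
// a single identifier.
function compareWrappers(samples = SAMPLES) {
  return samples.map((input) => {
    const naive = wrapIdentifierNaive(input);
    const stripped = wrapIdentifierStripped(input);
    return {
      input,
      naive,
      naiveContained: isSingleBracketedIdentifier(naive),
      stripped,
      strippedContained: isSingleBracketedIdentifier(stripped),
    };
  });
}

console.table(compareWrappers());
```

Stripping changes the name that reaches the database, so an identifier that legitimately contains one of these characters will no longer match its column or table. Doubling `]` to `]]` is the standard T-SQL way to keep such a name intact while still containing it.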
