SQL Injection Affecting knex package, versions <0.6.23 >=0.7.0 <0.7.6
Attack Complexity
Low
snyk-id: npm:knex:20150413
published: 20 Dec 2016
disclosed: 12 Apr 2015
credit: Jorge Godoy
Introduced: 12 Apr 2015
CWE-89
How to fix?
Upgrade knex to versions 0.6.23, 0.7.6 or higher.
Overview
knex
is a batteries-included SQL query & schema builder for Postgres, MySQL and SQLite3 and the Browser.
Column names are not properly escaped in the PostgreSQL dialect: a double quote inside a column name is not doubled, so a name containing `","` closes the quoted identifier and the remainder is emitted as SQL. This may allow an attacker who controls a column name to craft a query against the host database and access private information. Writing the following code:
var knex = require('knex')({ client: 'pg' }); // PostgreSQL dialect on an affected version
var query = knex.select('id","name').from('test'); // column name carries an unescaped quote
console.log(query.toSQL());
produces the following result:
{ method: 'select',
options: undefined,
bindings: [],
sql: 'select "id","name" from "test"' }
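As an added example (not knex's own code or its fix), the following contrasts a naive identifier wrapper that reproduces the advisory's output with a PostgreSQL quoter that doubles embedded quotes, plus an allow-list check for the case where column names come from untrusted input; `naiveWrap`, `safeWrap`, `assertPlainIdentifier` and `buildSelect` are hypothetical helpers written for this illustration.

```javascript
// Naive quoting: wraps the name in double quotes without escaping quotes that
// are already inside it. This mirrors the behaviour the advisory describes.
function naiveWrap(identifier) {
  return `"${identifier}"`;
}

// Safe quoting for PostgreSQL: a double quote inside a quoted identifier must
// be doubled (""), so an embedded quote can no longer close the identifier.
// Dotted names (schema.table, table.column) are quoted part by part, and '*'
// is a wildcard rather than an identifier, so it is passed through unquoted.
function safeWrap(identifier) {
  return identifier
    .split('.')
    .map(part => (part === '*' ? part : `"${part.replace(/"/g, '""')}"`))
    .join('.');
}

// Stricter option when column names originate from request data: accept only
// plain identifiers (letters, digits, underscore) and reject everything else.
function assertPlainIdentifier(identifier) {
  if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(identifier)) {
    throw new Error(`invalid identifier: ${identifier}`);
  }
  return identifier;
}

// Minimal select builder so the effect on the generated SQL is visible.
function buildSelect(columns, table, wrap) {
  return `select ${columns.map(wrap).join(', ')} from ${wrap(table)}`;
}

// Constructed input: the column string from the advisory.
const hostile = 'id","name';

console.log(buildSelect([hostile], 'test', naiveWrap));
// select "id","name" from "test"    -> two columns, as in the advisory output
console.log(buildSelect([hostile], 'test', safeWrap));
// select "id"",""name" from "test"  -> one oddly named column, nothing injected
```

The doubled-quote form is what PostgreSQL expects for quoted identifiers; the allow-list check is the simpler defence when a name does not need quoting at all.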