Some dependencies have security problems and should be updated.
CVE-2019-10757
high severity
Vulnerable versions: < 0.19.5
Patched version: 0.19.5
knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB.
Is there an ETA on merging this patched fix? There is a severe vulnerability that requires dependent package versions to be updated within this package - thanks @BrenoMazieiro for submitting this pull request.
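Added example (not part of the pull request or of the knex project's code): one way to check whether a project's `package-lock.json` still resolves a knex copy below 0.19.5, the patched version given in the advisory above. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: flag every knex copy in a package-lock.json that resolves
// below 0.19.5, the patched version named in the advisory for CVE-2019-10757.
const PATCHED = [0, 19, 5];

// Parse "major.minor.patch[-prerelease]" into numbers plus a prerelease flag.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v).trim());
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// True when the version is below 0.19.5; unparsable versions are flagged too.
function isVulnerable(v) {
  const p = parseVersion(v);
  if (!p) return true;
  for (let i = 0; i < 3; i++) {
    if (p.nums[i] !== PATCHED[i]) return p.nums[i] < PATCHED[i];
  }
  return p.pre; // 0.19.5-rc.1 sorts before 0.19.5
}

// Collect { path, version } for every knex entry, in both lockfile layouts.
function findKnex(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by node_modules path.
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/knex$/.test(path)) hits.push({ path, version: pkg.version });
  }
  // lockfileVersion 1: nested "dependencies" tree (transitive copies included).
  const walk = (deps, trail) => {
    for (const [name, pkg] of Object.entries(deps || {})) {
      const path = trail.concat(name).join(' > ');
      if (name === 'knex') hits.push({ path, version: pkg.version });
      walk(pkg.dependencies, trail.concat(name));
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

function vulnerableKnex(lock) {
  return findKnex(lock).filter((h) => isVulnerable(h.version));
}
// Constructed sample lockfile (not from the pull request).
const sampleLock = { lockfileVersion: 1, dependencies: {
  knex: { version: '0.19.5' },
  'some-orm': { version: '1.0.0', dependencies: { knex: { version: '0.16.3' } } },
} };
console.log(vulnerableKnex(sampleLock));
```

A transitive copy pinned by another package is reported with its full path, which is the case a top-level version bump alone does not fix.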