CVE-2016-20018
- Source
- https://cve.org/CVERecord?id=CVE-2016-20018
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-20018.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2016-20018
- Aliases
- Downstream
- Published
- 2022-12-19T09:15:09.290Z
- Modified
- 2026-05-18T13:47:04.130111Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query.
- References
Affected packages
Git / github.com/knex/knex
Affected ranges
- Type
- GIT
- Repo
- https://github.com/knex/knex
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "cpe": "cpe:2.3:a:knexjs:knex:*:*:*:*:*:node.js:*:*", "source": "CPE_FIELD", "extracted_events": [ { "introduced": "0" }, { "last_affected": "2.3.0" } ] }
Affected versions
Other
0,14,2
0.*
0.1.0
0.1.1
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.1.7
0.1.8
0.10.0
0.10.0-rc1
0.11.0
0.11.1
0.11.10
0.11.2
0.11.3
0.11.4
0.11.5
0.11.6
0.11.7
0.11.8
0.11.9
0.12.0
0.12.1
0.12.8
0.12.9
0.13.0
0.14.1
0.14.3
0.14.4
0.14.5
0.14.6
0.15.0
0.15.2
0.16.0
0.16.1
0.16.3
0.17.0
0.17.2
0.18.4
0.19.0
0.19.3
0.19.5
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.2.6
0.20.0
0.20.1
0.20.11
0.20.2
0.20.4
0.20.6
0.21.0
0.21.1
0.21.10
0.21.13
0.21.14
0.21.15
0.21.2
0.21.3
0.21.5
0.21.9
0.4.0
0.4.1
0.4.10
0.4.11
0.4.2
0.4.3
0.4.4
0.4.5
0.4.6
0.4.7
0.4.8
0.4.9
0.5.0
0.5.1
0.5.2
0.6.0
0.6.1
0.6.10
0.6.11
0.6.12
0.6.13
0.6.14
0.6.15
0.6.16
0.6.17
0.6.18
0.6.19
0.6.2
0.6.20
0.6.21
0.6.22
0.6.3
0.6.4
0.6.5
0.6.6
0.6.7
0.6.8
0.6.9
0.7.0
0.7.1
0.7.2
0.7.3
0.8.0
0.8.1
0.8.2
0.8.3
0.8.4
0.8.5
0.8.6
0.9.0
0.95.0
0.95.10
0.95.11
0.95.12
0.95.14
0.95.2
0.95.3
0.95.5
0.95.8
1.*
1.0.0
1.0.1
1.0.3
1.0.4
1.0.5
1.0.7
2.*
2.0.0
2.1.0
2.2.0
2.3.0
v0.*
v0.15.1
v0.16.2