CVE-2016-20018 Information

Description

Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query.

Reference

https://www.ghostccamm.com/blog/knex_sqli/ https://github.com/knex/knex/issues/1227