GSD-2016-20018

Vulnerability from gsd - Updated: 2023-12-13 01:21
Details
Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query.
Aliases
Aliases
CVE-2016-20018
To clipboard 

{
  "GSD": {
    "alias": "CVE-2016-20018",
    "id": "GSD-2016-20018"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-20018"
      ],
      "details": "Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query.",
      "id": "GSD-2016-20018",
      "modified": "2023-12-13T01:21:19.261950Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2016-20018",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.ghostccamm.com/blog/knex_sqli/",
            "refsource": "MISC",
            "url": "https://www.ghostccamm.com/blog/knex_sqli/"
          },
          {
            "name": "https://github.com/knex/knex/issues/1227",
            "refsource": "MISC",
            "url": "https://github.com/knex/knex/issues/1227"
          },
          {
            "name": "https://nvd.nist.gov/vuln/detail/CVE-2016-20018",
            "refsource": "MISC",
            "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-20018"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=0.20.0 \u003c0.23.0",
          "affected_versions": "All versions starting from 0.20.0 before 0.23.0",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2023-01-13",
          "description": "Users of a12nserver that use MySQL might be vulnerable to SQL injection bugs. If you use a12nserver and MySQL, update as soon as possible. This SQL injection bug might let an attacker obtain OAuth2 Access Tokens for users unrelated to those that permitted OAuth2 clients.",
          "fixed_versions": [
            "0.23.0"
          ],
          "identifier": "GMS-2023-45",
          "identifiers": [
            "GHSA-crhg-xgrg-vvcc",
            "GMS-2023-45",
            "CVE-2016-20018"
          ],
          "not_impacted": "All versions before 0.20.0, all versions starting from 0.23.0",
          "package_slug": "npm/@curveball/a12n-server",
          "pubdate": "2023-01-13",
          "solution": "Upgrade to version 0.23.0 or above.",
          "title": "a12nserver vulnerable to potential SQL Injections via Knex dependency",
          "urls": [
            "https://github.com/curveball/a12n-server/security/advisories/GHSA-crhg-xgrg-vvcc",
            "https://nvd.nist.gov/vuln/detail/CVE-2016-20018",
            "https://github.com/knex/knex/issues/1227",
            "https://github.com/curveball/a12n-server/commit/f4acd7549043e6e2b8917b77a50dce0756a922cc",
            "https://github.com/curveball/a12n-server/releases/tag/v0.23.0",
            "https://www.ghostccamm.com/blog/knex_sqli/",
            "https://github.com/advisories/GHSA-crhg-xgrg-vvcc"
          ],
          "uuid": "ef55251f-d3e0-4330-9a73-8b58d1ef6fa3"
        },
        {
          "affected_range": "\u003c=2.3.0",
          "affected_versions": "All versions up to 2.3.0",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2022-12-20",
          "description": "Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query.",
          "fixed_versions": [],
          "identifier": "CVE-2016-20018",
          "identifiers": [
            "GHSA-4jv9-3563-23j3",
            "CVE-2016-20018"
          ],
          "not_impacted": "",
          "package_slug": "npm/knex",
          "pubdate": "2022-12-19",
          "solution": "Unfortunately, there is no solution available yet.",
          "title": "Knex.js has a limited SQL injection vulnerability",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2016-20018",
            "https://github.com/knex/knex/issues/1227",
            "https://www.ghostccamm.com/blog/knex_sqli/",
            "https://github.com/advisories/GHSA-4jv9-3563-23j3"
          ],
          "uuid": "6dff8e90-724a-4a6e-be45-83e4655b67ad"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:knexjs:knex:*:*:*:*:*:node.js:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.3.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-20018"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ghostccamm.com/blog/knex_sqli/",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://www.ghostccamm.com/blog/knex_sqli/"
            },
            {
              "name": "https://github.com/knex/knex/issues/1227",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://github.com/knex/knex/issues/1227"
            },
            {
              "name": "https://nvd.nist.gov/vuln/detail/CVE-2016-20018",
              "refsource": "",
              "tags": [],
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-20018"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-11-23T00:15Z",
      "publishedDate": "2022-12-19T09:15Z"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.