[knex] Knex.js has a limited SQL injection vulnerability

Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query. This vulnerability has been fixed in version 2.4.0.

References

• https://nvd.nist.gov/vuln/detail/CVE-2016-20018
• https://github.com/knex/knex/issues/1227
• https://www.ghostccamm.com/blog/knex_sqli/
• https://github.com/knex/knex/releases/tag/2.4.0
• https://github.com/advisories/GHSA-4jv9-3563-23j3