CVE-2026-47383: Nocodb Unvalidated Ast Value In Knex Raw
Directly passing the `.value` of an AST node argument into the query template of `knex.raw()` without validation can lead to SQL Injection. Ensure the literal is safely validated, wrapped in a sanitizing function, or use parameterized bindings array before execution.
Provally CuratedPublic repositoryHighMedium confidenceVerifiedApache-2.0
TS
TSgreprules fetch cve-2026-47383-nocodb-unvalidated-ast-value-in-knex-raw --engine opengrepDescription
Directly passing the `.value` of an AST node argument into the query template of `knex.raw()` without validation can lead to SQL Injection. Ensure the literal is safely validated, wrapped in a sanitizing function, or use parameterized bindings array before execution.
Community feedback
0 signals from signed-in users.
- Useful
- 0
- False positive
- 0
- Metadata
- 0