call@3.0.0 vulnerabilities

HTTP Router

  • latest version

    5.0.3

  • latest non vulnerable version

  • first published

    12 years ago

  • latest version published

    6 years ago

  • deprecated

    Package is deprecated

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the call package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • M
    Improper input validation

    call is the primary HTTP router of the hapi framework.

    The vulnerability arises from undefined values inside a path (the last segment being an exception) making their way into components that do not handle undefined values (e.g. the database layer).

    For example, the request URI /delete/company// may incorrectly match a route looking for /delete/company/{company}/. By itself, the bad match is not a vulnerability. However, depending on the remaining logic in the application, such a bad match may result in skipping a protection mechanism. In the above example, if the route translates to a database delete command, it might delete all the companies from the database.

    How to fix Improper input validation?

    Upgrade to version 3.0.2 or higher.

    Vulnerable versions: >=2.0.1 <3.0.2
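
A simplified model of the bad match described above, as an added example (not the call package's code and not part of the advisory): `matchRoute`, `deleteWhere` and `handleDelete` are hypothetical names, and the in-memory delete stands in for a database layer that ignores undefined filter fields. It runs the same request against a lenient matcher, a lenient matcher with a validating handler, and a matcher that rejects empty parameter segments.

```javascript
// Simplified model of segment-by-segment route matching. Not the call package's code.
const ROUTE = '/delete/company/{company}/';

function matchRoute(pattern, path, allowEmptyParam) {
  const want = pattern.split('/').slice(1);
  const got = path.split('/').slice(1);
  if (want.length !== got.length) return null;
  const params = {};
  for (let i = 0; i < want.length; i++) {
    const m = /^\{(\w+)\}$/.exec(want[i]);
    if (!m) {
      if (want[i] !== got[i]) return null; // literal segment must match exactly
    } else if (got[i] !== '') {
      params[m[1]] = got[i];
    } else if (allowEmptyParam) {
      params[m[1]] = undefined; // the bad match: empty segment accepted as a parameter
    } else {
      return null; // hardened: an empty segment never satisfies a parameter
    }
  }
  return params;
}

// Constructed stand-in for a database layer that skips undefined filter fields.
function deleteWhere(rows, filter) {
  const keys = Object.keys(filter).filter((k) => filter[k] !== undefined);
  return rows.filter((row) => !keys.every((k) => row[k] === filter[k]));
}

// Route handler; `validate` adds a parameter check in the handler itself.
function handleDelete(rows, path, { allowEmptyParam, validate }) {
  const params = matchRoute(ROUTE, path, allowEmptyParam);
  if (params === null) return { status: 404, rows };
  if (validate && (typeof params.company !== 'string' || params.company === '')) {
    return { status: 400, rows };
  }
  return { status: 200, rows: deleteWhere(rows, { company: params.company }) };
}

const companies = [{ company: 'acme' }, { company: 'globex' }]; // constructed sample data
for (const opts of [
  { allowEmptyParam: true, validate: false },  // lenient matcher, trusting handler
  { allowEmptyParam: true, validate: true },   // lenient matcher, validating handler
  { allowEmptyParam: false, validate: false }, // strict matcher
]) {
  const res = handleDelete(companies, '/delete/company//', opts);
  console.log(JSON.stringify(opts), res.status, res.rows.length);
}
```

Validating the parameter in the handler protects the route even when the router in use still accepts the empty segment.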