call@2.0.2 vulnerabilities

HTTP Router

latest version

5.0.3
latest non vulnerable version

5.0.3
first published

12 years ago
latest version published

5 years ago
licenses detected
- BSD-3-Clause
  >=2.0.2
View call package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the call package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Improper input validation `call` is the primary HTTP router of the `hapi` framework. The vulnerability arise from `undefined` values inside a path (last segment being an exception) making their way into components that do not care for values being `undefined` (eg. the database layer). For example, the request URI `/delete/company//` may incorrectly match a route looking for `/delete/company/{company}/`. By itself, the bad match is not a vulnerability. However, depending on the remaining logic in the application, such a bad match may result in skipping a protection mechanisms. In the above example, if the route translates to a DB delete command, it might delete all the companies from the db. How to fix Improper input validation? Upgrade to version 3.0.2 or higher.	>=2.0.1 <3.0.2
M Improper input validation `call` is the primary HTTP router of the `hapi` framework. The vulnerability arise from `undefined` values inside a path (last segment being an exception) making their way into components that do not care for values being `undefined` (eg. the database layer). For example, the request URI `/delete/company//` may incorrectly match a route looking for `/delete/company/{company}/`. By itself, the bad match is not a vulnerability. However, depending on the remaining logic in the application, such a bad match may result in skipping a protection mechanisms. In the above example, if the route translates to a DB delete command, it might delete all the companies from the db. How to fix Improper input validation? Upgrade to version 3.0.2 or higher.	>=2.0.1 <3.0.2

Improper input validation

call is the primary HTTP router of the hapi framework.

The vulnerability arise from undefined values inside a path (last segment being an exception) making their way into components that do not care for values being undefined (eg. the database layer).

For example, the request URI /delete/company// may incorrectly match a route looking for /delete/company/{company}/. By itself, the bad match is not a vulnerability. However, depending on the remaining logic in the application, such a bad match may result in skipping a protection mechanisms. In the above example, if the route translates to a DB delete command, it might delete all the companies from the db.

How to fix Improper input validation?

Upgrade to version 3.0.2 or higher.

>=2.0.1 <3.0.2

Improper input validation

call is the primary HTTP router of the hapi framework.

How to fix Improper input validation?

Upgrade to version 3.0.2 or higher.

>=2.0.1 <3.0.2

Go back to all versions of this package

call@2.0.2 vulnerabilities

HTTP Router

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities