Description
call is an HTTP router that is primarily used by the hapi framework. There exists a bug in call versions 2.0.1-3.0.1 that does not validate empty parameters, which could result in invalid input bypassing the route validation rules.
Remediation
References
https://github.com/hapijs/hapi/issues/3228
https://nodesecurity.io/advisories/121
Related Vulnerabilities
CVE-2022-39382 Vulnerability in npm package @keystone-6/core
CVE-2023-36665 Vulnerability in maven package org.webjars.npm:github-com-protobufjs-protobuf-js
CVE-2023-46604 Vulnerability in maven package org.apache.activemq:activemq-openwire-legacy
CVE-2021-21181 Vulnerability in npm package electron
CVE-2022-41710 Vulnerability in npm package electron-markdownify