Description
call is an HTTP router that is primarily used by the hapi framework. There exists a bug in call versions 2.0.1-3.0.1 that does not validate empty parameters, which could result in invalid input bypassing the route validation rules.
Remediation
References
https://nodesecurity.io/advisories/121
https://github.com/hapijs/hapi/issues/3228
Related Vulnerabilities
CVE-2018-16459 Vulnerability in maven package org.webjars.npm:exceljs
CVE-2022-37199 Vulnerability in maven package com.jflyfox:jflyfox_jfinal
CVE-2020-16040 Vulnerability in npm package electron
CVE-2023-47324 Vulnerability in maven package org.silverpeas.core:silverpeas-core
CVE-2020-7754 Vulnerability in npm package npm-user-validate