SPA-asp.net-api-vuejs-
SPA-asp.net-api-vuejs- copied to clipboard
WS-2016-0032 Medium Severity Vulnerability detected by WhiteSource
WS-2016-0032 - Medium Severity Vulnerability
Vulnerable Library - call-3.0.0.tgz
HTTP Router
path: /tmp/git/SPA-asp.net-api-vuejs-/MBO/node_modules/hapi/node_modules/call/package.json
Library home page: http://registry.npmjs.org/call/-/call-3.0.0.tgz
Dependency Hierarchy:
- prerender-spa-plugin-2.1.0.tgz (Root Library)
- hapi-13.2.2.tgz
- :x: call-3.0.0.tgz (Vulnerable Library)
- hapi-13.2.2.tgz
Vulnerability Details
There is a bug in call versions 2.0.1-3.0.1 that does not validate empty parameters, which could result in invalid input bypassing the route validation rules. For example, in the routing scheme /api/{param}/{param2}/details, a request made to /api/// would match incorrectly.
Publish Date: 2016-07-05
URL: WS-2016-0032
CVSS 2 Score Details (5.3)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/121
Release Date: 2016-07-05
Fix Resolution: Upgrade to call 3.0.2. hapi users should upgrade to 13.4.2.
Step up your Open Source Security Game with WhiteSource here