N00b's Programming Machine
Severity: moderate

Route Validation Bypass

call

Overview

Affected versions of call do not validate empty parameters, which may result in a bypass of route validation rules.

Proof of Concept

Routing Scheme:

/api/{param}/{param2}/details

Triggering Request Path:

/api///
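The sketch below is an added example, not code from the call package or from this advisory. It models a router that accepts an empty path segment as a parameter value, next to one that rejects it. The matcher, the validation rules, the `rejectEmpty` switch and the request paths are constructed assumptions for illustration.

```javascript
'use strict';
// Simplified model for illustration; not the call package's implementation.

// Turn "/api/{param}/{param2}/details" into literal and parameter segments.
function compile(pattern) {
  return pattern.split('/').slice(1).map((seg) => {
    const m = /^\{(\w+)\}$/.exec(seg);
    return m ? { param: m[1] } : { literal: seg };
  });
}

const ROUTE = compile('/api/{param}/{param2}/details');
// Hypothetical validation rules attached to the route.
const RULES = { param: /^\d+$/, param2: /^[a-z]+$/ };

// rejectEmpty=false: an empty segment is accepted as a parameter value (weak).
// rejectEmpty=true: an empty segment never satisfies a parameter (hardened).
function match(route, path, rejectEmpty) {
  const parts = path.split('/').slice(1);
  if (parts.length !== route.length) return null;
  const params = {};
  for (let i = 0; i < route.length; i++) {
    if (route[i].literal !== undefined) {
      if (route[i].literal !== parts[i]) return null;
    } else {
      if (rejectEmpty && parts[i] === '') return null;
      params[route[i].param] = parts[i];
    }
  }
  return params;
}

// Assumed rule engine: empty values are treated as "not supplied" and skipped.
function validate(params) {
  return Object.entries(RULES).every(
    ([name, re]) => params[name] === '' || re.test(params[name]));
}

// Returns the HTTP status the modelled server would answer with.
function handle(path, rejectEmpty) {
  const params = match(ROUTE, path, rejectEmpty);
  if (params === null) return 404;
  return validate(params) ? 200 : 400;
}

// Constructed request paths.
for (const p of ['/api/42/abc/details', '/api/x/abc/details', '/api///details']) {
  console.log(p, 'weak:', handle(p, false), 'hardened:', handle(p, true));
}
```

In the weak mode the empty-segment path reaches the handler with both parameters unvalidated; in the hardened mode it never matches the route.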

Remediation

Update to version 3.0.2 or later.

Resources

Advisory timeline

  1. published: Advisory published, Jul 5th, 2016
  2. reported: Jul 5th, 2016