call

Route Validation Bypass

Severity: moderate

Overview

Affected versions of call do not validate empty parameters, which may result in a bypass of route validation rules.

Proof of Concept

Routing Scheme:

/api/{param}/{param2}/details

Triggering Request Path:

/api///
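
The sketch below is an added example, not code from the call module or from the advisory. It uses a toy matcher and a hypothetical numeric-id rule (matchRoute, passesRule and the sample request paths are constructed for illustration) to show how a placeholder that binds to an empty segment lets a request skip a per-parameter rule, and how rejecting empty segments closes the gap.

```javascript
// Toy path matcher written for this example; it is NOT the call module's code.
// `allowEmpty` models the flawed behaviour described above: a {param}
// placeholder is allowed to bind to an empty path segment.
function matchRoute(pattern, path, { allowEmpty }) {
  const want = pattern.split('/').slice(1);
  const got = path.split('/').slice(1);
  if (want.length !== got.length) return null;

  const params = {};
  for (let i = 0; i < want.length; i++) {
    const placeholder = /^\{(\w+)\}$/.exec(want[i]);
    if (placeholder) {
      // Hardened form: an empty segment never satisfies a required parameter.
      if (got[i] === '' && !allowEmpty) return null;
      params[placeholder[1]] = got[i];
    } else if (want[i] !== got[i]) {
      return null; // literal segment mismatch
    }
  }
  return params;
}

// Hypothetical validation rule (an assumption of this example): both
// parameters must be numeric ids, but a value is only checked when present.
function passesRule(params) {
  return Object.values(params).every((v) => v === '' || /^\d+$/.test(v));
}

const ROUTE = '/api/{param}/{param2}/details'; // routing scheme from the advisory
// Constructed request paths for the toy matcher.
const SAMPLES = ['/api/12/34/details', '/api/12/abc/details', '/api///details'];

// Returns, for each sample path, whether it is routed to the handler.
function evaluate(allowEmpty) {
  return SAMPLES.map((path) => {
    const params = matchRoute(ROUTE, path, { allowEmpty });
    return { path, routed: params !== null && passesRule(params) };
  });
}

console.log('empty params accepted:', evaluate(true));
console.log('empty params rejected:', evaluate(false));
```
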

Remediation

Update to version 3.0.2 or later.

Vulnerable versions

2.0.1 (4 years ago)
2.0.2 (3 years ago)
3.0.0 (3 years ago)
3.0.1 (2 years ago)

Unaffected versions

0.0.1 (6 years ago)
1.0.0 (4 years ago)
2.0.0 (4 years ago)
3.0.2 (2 years ago)
3.0.3 (2 years ago)
3.0.4 (2 years ago)
4.0.0 (2 years ago)
4.0.1 (a year ago)
4.0.2 (a year ago)
5.0.0 (a year ago)
5.0.1 (9 months ago)

Resources

Advisory timeline

  1. Published

    Advisory published
    Jul 5th, 2016
  2. Reported

    Initial report by Nicolas Morel
    Jul 5th, 2016