CVE-2016-10543: Improper Input Validation

February 18, 2019 (updated January 8, 2021)

call is an HTTP router that is primarily used by the hapi framework. There exists a bug in call versions 2.0.1-3.0.1 that does not validate empty parameters, which could result in invalid input bypassing the route validation rules.

References

github.com/advisories/GHSA-84fv-prrc-5ggr
github.com/hapijs/hapi/issues/3228
nodesecurity.io/advisories/121
nvd.nist.gov/vuln/detail/CVE-2016-10543
www.npmjs.com/advisories/121

Detect and mitigate CVE-2016-10543 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →