GMS-2016-40: Invalid input to route validation rules

July 5, 2016

hapi does not validate empty parameters, which could result in invalid input bypassing the route validation rules. For example, in the routing scheme /api/{param}/{param2}/details, a request made to /api/// would match incorrectly.

References

github.com/hapijs/hapi/issues/3228

Detect and mitigate GMS-2016-40 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →