call does not validate empty parameters, which could result in invalid input bypassing the route validation rules. For example, in the routing scheme /api/{param}/{param2}/details, a request made to /api/// would match incorrectly.
Affected versions: 8.0.0-rc4 to 13.4.1
Fixed versions: 13.4.2
Solution: Upgrade to latest version.
Credit: Nicolas Morel
Sources: https://nodesecurity.io/advisories/121
https://github.com/hapijs/hapi/issues/3228
Why
Hapi Security Alert