Truecaller : Lack of URL Validation in avatarUrl at /v4/profile

The endpoint "profile4-noneu.truecaller.com/v4/profile" was found to have a lack of URL validation in the "avatarUrl" parameter. The validation only checked if the URL started with "https" and contained the string "images-noneu.truecallerstatic.com", allowing attackers to craft fake URLs by addin...