CVE-2015-5688
EPSS 81.1%
Directory Traversal in geddy
Published: 2017/10/24
Modified: 2023/11/8
Description
Versions 13.0.8 and earlier of geddy are vulnerable to a directory traversal attack via URI encoded attack vectors.

### Proof of Concept

```
http://localhost:4000/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd
```

## Recommendation

Update geddy to version >= 13.0.8
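The failure mode described above, as an added example (not geddy's code and not part of the advisory): a hypothetical static-file resolver that filters `..` before percent-decoding, next to one that decodes first and then enforces containment under the root. `STATIC_ROOT`, `naiveResolve` and `safeResolve` are assumed names, and the request path is constructed in the shape of the proof of concept.

```javascript
const path = require('path');

// Hypothetical static root (assumption, not geddy's actual layout).
const STATIC_ROOT = '/srv/app/public';

// Constructed request path in the shape of the advisory's proof of concept.
const POC_PATH = '/' + '..%2f'.repeat(16) + 'etc/passwd';

// Flawed order of operations: the ".." filter runs on the still-encoded
// path, so "..%2f" passes and only turns into "../" after decoding.
function naiveResolve(root, rawPath) {
  if (rawPath.split('/').includes('..')) return null;
  return path.posix.join(root, decodeURIComponent(rawPath));
}

// Hardened: decode first, reject undecodable or NUL-containing input,
// resolve to an absolute path, then require it to stay under the root.
function safeResolve(root, rawPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(rawPath);
  } catch (e) {
    return null; // malformed percent-encoding
  }
  if (decoded.includes('\0')) return null;
  const base = path.posix.resolve(root);
  const target = path.posix.resolve(base, './' + decoded);
  if (target !== base && !target.startsWith(base + '/')) return null;
  return target;
}

// Demonstration on the constructed inputs.
console.log('naive :', naiveResolve(STATIC_ROOT, POC_PATH));
console.log('safe  :', safeResolve(STATIC_ROOT, POC_PATH));
console.log('normal:', safeResolve(STATIC_ROOT, '/css/site.css'));
```

The containment check compares against `base + '/'` so that a sibling directory such as `/srv/app/public-old` does not pass a plain prefix match.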
Affected packages (1)
- npm/geddy: from 0, < 13.0.8
References (8)
- ADVISORY: https://github.com/advisories/GHSA-333x-9vgq-v2j4
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2015-5688
- PATCH: https://github.com/geddy/geddy
- WEB: https://github.com/geddy/geddy/commit/2de63b68b3aa6c08848f261ace550a37959ef231
- WEB: https://github.com/geddy/geddy/issues/697
- WEB: https://github.com/geddy/geddy/pull/699
- WEB: https://github.com/geddy/geddy/releases/tag/v13.0.8
- WEB: https://www.npmjs.com/advisories/10