CVE-2015-5688

NUCLEI

Geddy <13.0.8 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI.

Nuclei Templates (1)

Geddy <13.0.8 - Local File Inclusion

MEDIUMby pikpikcu

References (5)

[Exploit, Patch] https://github.com/geddy/geddy/issues/697

[Patch] https://github.com/geddy/geddy/releases/tag/v13.0.8

[Exploit] https://nodesecurity.io/advisories/geddy-directory-traversal

[Patch] https://github.com/geddy/geddy/commit/2de63b68b3aa6c08848f261ace550a37959ef231

View Patch ZIP pw:eip

[Issue Tracking] https://github.com/geddy/geddy/pull/699

Scores

EPSS 0.8109

EPSS Percentile 99.2%

Details

CWE

CWE-22

Status published

Products (2)

geddyjs/geddy 13.0.7

npm/geddy 0 - 13.0.8npm

Published Sep 04, 2015

Tracked Since Feb 18, 2026