CVE-2015-5688
geddy < 13.0.8 - Path Traversal via Dot Dot Encoded Slash in PATH_INFO
Title source: llm
Exploitation Summary
CVE-2015-5688 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI.
Nuclei Templates (1)
Geddy <13.0.8 - Local File Inclusion
MEDIUM, by pikpikcu
References (5)
Core References
Exploit, Patch x_refsource_confirm
https://github.com/geddy/geddy/issues/697
Patch x_refsource_confirm
https://github.com/geddy/geddy/releases/tag/v13.0.8
Issue Tracking x_refsource_confirm
https://github.com/geddy/geddy/pull/699
Exploit x_refsource_misc
https://nodesecurity.io/advisories/geddy-directory-traversal
Patch x_refsource_confirm
https://github.com/geddy/geddy/commit/2de63b68b3aa6c08848f261ace550a37959ef231
Scores
EPSS
0.8109
EPSS Percentile
99.2%
Details
CWE
CWE-22
Status
published
Products (2)
geddyjs/geddy
13.0.7
npm/geddy
0 - 13.0.8 (npm)
Published
Sep 04, 2015
Tracked Since
Feb 18, 2026