Lucene search
GitHub Advisory DatabaseGHSA-333X-9VGQ-V2J4HistoryOct 24, 2017 - 6:33 p.m.
Directory Traversal in geddy
2017-10-2418:33:36
CWE-22
GitHub Advisory Database
github.com
16
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
0.009
Percentile
83.2%
Versions 13.0.8 and earlier of geddy are vulnerable to a directory traversal attack via URI encoded attack vectors.
Proof of Concept
http://localhost:4000/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd
Recommendation
Update geddy to version >= 13.0.8
Affected configurations
Node
geddyRange<13.0.8
Related
osv
osv
Directory Traversal in geddy
2017-10-24 18:33:36
cvelist
cvelist
CVE-2015-5688
2015-09-04 15:00:00
prion
prion
Directory traversal
2015-09-04 15:59:00
nodejs
nodejs
Directory Traversal
2015-10-17 19:41:46
cve
cve
CVE-2015-5688
2015-09-04 15:59:02
nuclei
nuclei
Geddy <13.0.8 - Local File Inclusion
2021-02-25 02:34:40
nvd
nvd
CVE-2015-5688
2015-09-04 15:59:02
openvas
openvas
Generic HTTP Directory Traversal (Web Root) - Active Check
2017-04-18 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
0.009
Percentile
83.2%
Related for GHSA-333X-9VGQ-V2J4