PT-2015-7035 · Mikael Rogers · Geddy

Phanect · Published 2015-09-04 · Updated 2017-10-24 · CVE-2015-5688

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Geddy versions prior to 13.0.8

Description: A directory traversal issue allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI. This can be exploited by sending a specially crafted request to the server, potentially allowing access to sensitive files. For example, an attacker could use a URL like "http://localhost:4000/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd" to attempt to read the /etc/passwd file.

Recommendations: Update Geddy to version 13.0.8 or later to resolve the issue.

Exploit

Fix

Path traversal


Weakness Enumeration

Related identifiers

CVE-2015-5688
GHSA-333X-9VGQ-V2J4

Affected products

Geddy