Mikael Rogers · Geddy · CVE-2015-5688
**Name of the Vulnerable Software and Affected Versions**
Geddy versions prior to 13.0.8
**Description**
A directory traversal issue allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI. This can be exploited by sending a specially crafted request to the server, potentially allowing access to sensitive files. For example, an attacker could use a URL like "http://localhost:4000/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd" to attempt to read the /etc/passwd file.
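Why an encoded slash defeats a filter that runs before decoding, next to a resolver that checks containment after decoding. This is an added example, not Geddy's code or its 13.0.8 fix; `STATIC_ROOT`, `resolveNaive` and `resolveSafe` are hypothetical names, and the naive filter is an assumed illustration of this bug class.

```javascript
const path = require('path');

// Hypothetical document root for this example (assumption, not from the advisory).
const STATIC_ROOT = '/srv/app/public';

// Naive resolver (assumed illustration of the bug class): it filters ".."
// segments on the still-encoded path, then decodes. "..%2f..%2fetc" is one
// segment that is not "..", so the filter passes it and decoding creates
// the traversal afterwards.
function resolveNaive(rawPath) {
  if (rawPath.split('/').includes('..')) return null;
  return path.posix.join(STATIC_ROOT, decodeURIComponent(rawPath));
}

// Hardened resolver: decode exactly once, resolve against the root, and only
// then check that the result is still inside the root.
function resolveSafe(rawPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(rawPath);
  } catch (err) {
    return null; // malformed percent-encoding
  }
  if (decoded.includes('\0')) return null; // NUL never belongs in a file path
  const candidate = path.posix.resolve(STATIC_ROOT, './' + decoded);
  const inside = candidate === STATIC_ROOT || candidate.startsWith(STATIC_ROOT + '/');
  return inside ? candidate : null;
}

// Constructed request paths; the second has the shape of the URL in the description.
const SAMPLE_PATHS = [
  '/css/site.css',
  '/' + '..%2f'.repeat(15) + 'etc/passwd',
  '/../etc/passwd',
];

for (const p of SAMPLE_PATHS) {
  console.log(p.slice(0, 24).padEnd(24), '| naive:', resolveNaive(p), '| safe:', resolveSafe(p));
}
```

The containment check compares against `STATIC_ROOT + '/'` rather than the bare root so that a sibling directory such as `/srv/app/public-old` is not treated as inside it.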
**Recommendations**
Update Geddy to version 13.0.8 or later to resolve the issue.