High severityNVD Advisory· Published Sep 4, 2015· Updated Jun 17, 2026
CVE-2015-5688
CVE-2015-5688
Description
Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
geddynpm | < 13.0.8 | 13.0.8 |
Affected products
2Patches
Vulnerability mechanics
References
8- github.com/geddy/geddy/releases/tag/v13.0.8nvdPatchWEB
- github.com/geddy/geddy/issues/697nvdExploitPatchWEB
- nodesecurity.io/advisories/geddy-directory-traversalnvdExploit
- github.com/advisories/GHSA-333x-9vgq-v2j4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-5688ghsaADVISORY
- github.com/geddy/geddy/commit/2de63b68b3aa6c08848f261ace550a37959ef231nvdWEB
- github.com/geddy/geddy/pull/699nvdWEB
- www.npmjs.com/advisories/10ghsaWEB
News mentions
0No linked articles in our index yet.