Geddy before v13.0.8 LFI

By
Anandhu Krishnan
Published on
01 Oct 2021
Vulnerability

Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI.

Mitigation / Precaution

We suggest that you update Geddy to version 13.0.8 or higher in order to fix this vulnerability.


Written by
Anandhu Krishnan
Anandhu Krishnan
Lead Engineer
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days