← back
CVE-2024-4701

Path Traversal vulnerability via File Uploads in Genie

CVSS 9.9 CRITICALEPSS 24.6%CWE-22
A path traversal issue potentially leading to remote code execution in Genie for all versions prior to 4.3.18
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
Affected products
Netflix · Genie
public PoCs found2
githubgithub.com/JoeBeeton/CVE-2024-4701-POC2githubgithub.com/JinhyukKo/CVE-2024-4701-POC1
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2024-001.md