← back
CVE-2024-4701

Path Traversal vulnerability via File Uploads in Genie

CVSS 9.9 CRITICALEPSS 24.6%CWE-22
Vexday Risk Score
53Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 9.9EPSS 24.6%KEV nãoPoC públicaNuclei Metasploit Patch
Lifecycle
10 May 2024Published on NVD
13 May 2024Public PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
A path traversal issue potentially leading to remote code execution in Genie for all versions prior to 4.3.18
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
Affected products
Netflix · Genie
public PoCs found2
githubgithub.com/JoeBeeton/CVE-2024-4701-POC2githubgithub.com/JinhyukKo/CVE-2024-4701-POC1
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2024-001.md