CVE-2024-4701

CRITICAL LAB

Genie < 4.3.18 - Path Traversal and Remote Code Execution

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-4701. PoCs published by JoeBeeton, JinhyukKo.

AI-analyzed exploit summary This PoC demonstrates CVE-2024-4701 by exploiting a vulnerability in Netflix Genie 4.3.0 via a malicious library upload. The payload is sent via netcat to the Genie app running in Docker, triggering execution upon container login.

Description

A path traversal issue potentially leading to remote code execution in Genie for all versions prior to 4.3.18

Exploits (2)

nomisec WORKING POC 2 stars

by JoeBeeton · poc

https://github.com/JoeBeeton/CVE-2024-4701-POC

View Code ZIP pw:eip

This PoC demonstrates CVE-2024-4701 by exploiting a vulnerability in Netflix Genie 4.3.0 via a malicious library upload. The payload is sent via netcat to the Genie app running in Docker, triggering execution upon container login.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Netflix Genie 4.3.0

No auth needed

Prerequisites: Docker environment with Genie 4.3.0 running · Netcat installed · Malicious library payload

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 1 stars

by JinhyukKo · poc

https://github.com/JinhyukKo/CVE-2024-4701-POC

View Code ZIP pw:eip

This PoC exploits a directory traversal vulnerability in Netflix Genie's job submission API to overwrite critical system files (e.g., /etc/ld.so.preload) via malicious multipart form uploads, enabling arbitrary code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Netflix Genie (version not specified)

No auth needed

Prerequisites: Access to the target API endpoint · Ability to send multipart form requests · Presence of the vulnerable Genie instance

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1204 - User Execution T1005 - Data from Local System

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Various Sources

https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2024-001.md

View Writeup ZIP pw:eip

Scores

CVSS v3 9.9

EPSS 0.1983

EPSS Percentile 95.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Lab Environment

COMMUNITY

Community Lab

docker pull netflixoss/genie-app:4.3.0

docker pull netflixoss/genie-demo-apache:4.3.0

docker pull netflixoss/genie-demo-client:4.3.0

docker pull sequenceiq/hadoop-docker:2.7.1

docker pull trinodb/trino:374

https://github.com/JoeBeeton/CVE-2024-4701-POC

https://github.com/JinhyukKo/CVE-2024-4701-POC

https://github.com/Netflix/security-bulletins

View in Library

Details

CWE

CWE-22

Status published

Products (2)

com.netflix.genie/genie-web 0 - 4.3.18Maven

Netflix/Genie < 4.3.18

Published May 14, 2024

Tracked Since Feb 18, 2026