CVE-2024-4701

CRITICAL LAB

Com.netflix.genie Genie-web < 4.3.18 - Path Traversal

Title source: rule

Description

A path traversal issue potentially leading to remote code execution in Genie for all versions prior to 4.3.18

Exploits (2)

nomisec WORKING POC 2 stars
by JoeBeeton · poc
https://github.com/JoeBeeton/CVE-2024-4701-POC
nomisec WORKING POC 1 stars
by JinhyukKo · poc
https://github.com/JinhyukKo/CVE-2024-4701-POC

References (1)

Scores

CVSS v3 9.9
EPSS 0.1758
EPSS Percentile 95.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

Lab Environment

COMMUNITY
Community Lab
docker pull netflixoss/genie-app:4.3.0
docker pull netflixoss/genie-demo-apache:4.3.0
docker pull netflixoss/genie-demo-client:4.3.0
docker pull sequenceiq/hadoop-docker:2.7.1
docker pull trinodb/trino:374

Details

CWE
CWE-22
Status published
Products (2)
com.netflix.genie/genie-web 0 - 4.3.18Maven
Netflix/Genie < 4.3.18
Published May 14, 2024
Tracked Since Feb 18, 2026