CVE-2024-4701 Path Traversal vulnerability via File Uploads in Genie

2024-05-1018:37:21

CWE-22

netflix

www.cve.org

genie

file uploads

path traversal

remote code execution

cve-2024-4701

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

AI Score

Confidence

High

EPSS

Percentile

10.5%

JSON

A path traversal issue potentially leading to remote code execution in Genie for all versions prior to 4.3.18

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Genie",
    "repo": "https://github.com/Netflix/genie",
    "vendor": "Netflix",
    "versions": [
      {
        "lessThanOrEqual": "4.3.18",
        "status": "affected",
        "version": "0",
        "versionType": "git"
      }
    ]
  }
]