{"id":"CVE-2024-4701","summary":"Path Traversal vulnerability via File Uploads in Genie","details":"A path traversal issue potentially leading to remote code execution in Genie for all versions prior to 4.3.18","aliases":["GHSA-wpcv-5jgp-69f3"],"modified":"2026-07-15T01:48:52.130038778Z","published":"2024-05-10T18:37:21.582Z","database_specific":{"cna_assigner":"netflix","cwe_ids":["CWE-22"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/4xxx/CVE-2024-4701.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/4xxx/CVE-2024-4701.json"},{"type":"ADVISORY","url":"https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2024-001.md"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4701"},{"type":"PACKAGE","url":"https://github.com/Netflix/genie"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/netflix/genie","events":[{"introduced":"0"},{"last_affected":"6bad017d8078c94e80d6c6fe8abd693910bf55cf"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"4.3.18"}],"source":"AFFECTED_FIELD"}}],"versions":["v4.3.18","v4.3.17","v4.3.16","v4.3.15","v4.3.14","v4.3.12","v4.3.11","v4.3.7","v4.3.6","v4.3.5","v4.3.4","v4.3.3","v4.3.2","v4.3.1","v4.3.0","v4.2.0","v4.1.0","v4.0.0-rc.98","v4.0.0","v4.0.0-rc.97","v4.0.0-rc.96","v4.0.0-rc.95","v4.0.0-rc.94","v4.0.0-rc.93","v4.0.0-rc.92","v4.0.0-rc.91","v4.0.0-rc.90","v4.0.0-rc.89","v4.0.0-rc.88","v4.0.0-rc.87","v4.0.0-rc.86","v4.0.0-rc.85","v4.0.0-rc.84","v4.0.0-rc.83","v4.0.0-rc.82","v4.0.0-rc.81","v4.0.0-rc.80","v4.0.0-rc.79","v4.0.0-rc.78","v4.0.0-rc.77","v4.0.0-rc.76","v4.0.0-rc.75","v4.0.0-rc.74","v4.0.0-rc.73","v4.0.0-rc.72","v4.0.0-rc.71","v4.0.0-rc.70","v4.0.0-rc.69","v4.0.0-rc.68","v4.0.0-rc.67","v4.0.0-rc.66","v4.0.0-rc.65","v4.0.0-rc.64","v4.0.0-rc.63","v4.0.0-rc.62","v4.0.0-rc.61","v4.0.0-rc.60","v4.0.0-rc.59","v4.0.0-rc.58","v4.0.0-rc.57","v4.0.0-rc.56","v4.0.0-rc.55","v4.0.0-rc.54","v4.0.0-rc.53","v4.0.0-rc.52","v4.0.0-rc.51","v4.0.0-rc.50","v4.0.0-rc.49","v4.0.0-rc.48","v4.0.0-rc.47","v4.0.0-rc.46","v4.0.0-rc.45","v4.0.0-rc.44","v4.0.0-rc.43","v4.0.0-rc.42","v4.0.0-rc.41","v4.0.0-rc.40","v4.0.0-rc.39","v4.0.0-rc.38","v4.0.0-rc.37","v4.0.0-rc.36","v4.0.0-rc.35","v4.0.0-rc.34","v4.0.0-rc.33","v4.0.0-rc.32","v4.0.0-rc.31","v4.0.0-rc.30","v4.0.0-rc.29","v4.0.0-rc.28","v4.0.0-rc.27","v4.0.0-rc.26","v4.0.0-rc.25","v4.0.0-rc.24","v4.0.0-rc.23","v4.0.0-rc.22","v4.0.0-rc.21","v4.0.0-rc.20","v4.0.0-rc.19","v4.0.0-rc.18","v4.0.0-rc.17","v4.0.0-rc.16","v4.0.0-rc.15","v4.0.0-rc.14","v4.0.0-rc.13","v4.0.0-rc.12","v4.0.0-rc.11","v4.0.0-rc.10","v4.0.0-rc.9","v4.0.0-rc.8","v4.0.0-rc.7","v4.0.0-rc.6","v4.0.0-rc.5","v4.0.0-rc.4","v4.0.0-rc.3","v4.0.0-rc.2","v4.0.0-rc.1","v3.3.0","v3.2.3","v3.2.0","v3.1.0","v3.1.0-rc.8","v3.1.0-rc.7","v3.1.0-rc.6","v3.1.0-rc.5","v3.1.0-rc.4","v3.1.0-rc.3","v3.1.0-rc.2","v3.1.0-rc.1","v3.0.0","v3.0.0-rc.37","v3.0.0-rc.36","v3.0.0-rc.35","v3.0.0-rc.34","v3.0.0-rc.33","v3.0.0-rc.32","v3.0.0-rc.31","v3.0.0-rc.30","v3.0.0-rc.29","v3.0.0-rc.28","v3.0.0-rc.27","v3.0.0-rc.26","v3.0.0-rc.25","v3.0.0-rc.24","v3.0.0-rc.23","v3.0.0-rc.22","v3.0.0-rc.21","v3.0.0-rc.20","v3.0.0-rc.19","v3.0.0-rc.18","v3.0.0-rc.17","v3.0.0-rc.16","v3.0.0-rc.15","v3.0.0-rc.14","v3.0.0-rc.13","v3.0.0-rc.12","v3.0.0-rc.11","v3.0.0-rc.10","v3.0.0-rc.8","v3.0.0-rc.9","v3.0.0-rc.7","v3.0.0-rc.6","v3.0.0-rc.5","v3.0.0-rc.4","v3.0.0-rc.3","v3.0.0-rc.2","v3.0.0-rc.1","elasticsearchTest","2.2.3","2.2.2","2.2.1","2.2.0","2.1.2","2.1.1","2.1.0","0.24","0.23","0.22","0.21","0.20"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-4701.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L"}]}