AI description
CVE-2024-4701 is a vulnerability found in Genie, Netflix's open-source job orchestration engine for big data processing. This flaw is a path traversal issue that can lead to remote code execution. It exists in Genie's API, which handles file uploads and accepts a user-supplied filename as part of a multipart/form-data request. The vulnerability allows attackers to manipulate the filename parameter, enabling them to write files outside the intended storage path. This can lead to writing arbitrary content to locations where the Java process has write permissions, potentially compromising the entire system. The issue affects all Genie OSS versions prior to 4.3.18.
- Description
- A path traversal issue potentially leading to remote code execution in Genie for all versions prior to 4.3.18
- Source
- security-report@netflix.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9.9
- Impact score
- 6
- Exploitability score
- 3.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
- Severity
- CRITICAL
- security-report@netflix.com
- CWE-22
- Hype score
- Not currently trending
in addition to the YouTube app, Netflix for PS4/PS5 could probably be used as an entry point leveraging CVE-2024-4701 bug to gain remote code execution but CVE-2021-38003 could be the best option according to autechre (previously known as moogie from the PS3 jailbreaking scene)
@BrutalSam_
17 Oct 2025
25097 Impressions
18 Retweets
263 Likes
43 Bookmarks
9 Replies
4 Quotes
Critical Netflix Genie Bug Exploit Opens Big Data Systems to RCE At... Discover how CVE-2024-4701 in Netflix's Genie OSS exposes big data systems to remote code execution, and learn critical steps to mitigate this severe vulnerability. "Netflix Ready Device Platform" (NRDP) SDK h
@RobinsonPauli18
16 Oct 2025
5279 Impressions
4 Retweets
54 Likes
6 Bookmarks
3 Replies
0 Quotes