Critical severity 9.9 · NVD Advisory · Published May 14, 2024 · Updated Apr 15, 2026
CVE-2024-4701
Description
A path traversal issue, potentially leading to remote code execution, in all versions of Genie prior to 4.3.18.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.netflix.genie:genie-web (Maven) | < 4.3.18 | 4.3.18 |
Patches
6bad017d8078 Amend the check on IllegalAttachmentFileNameException (#1217)
2 files changed · +3 −3
genie-web/src/main/java/com/netflix/genie/web/services/impl/LocalFileSystemAttachmentServiceImpl.java+2 −2 modified@@ -97,9 +97,9 @@ public Set<URI> saveAttachments( if (filename != null) { if ((filename.contains("/") || filename.contains("\\") - || filename.equals(".") || filename.equals(".."))) { + || filename.equals(".") || filename.contains(".."))) { throw new IllegalAttachmentFileNameException("Attachment filename " + filename + " is illegal. " - + "Filenames should not be . or .., or contain /, \\."); + + "Filenames should not be ., or contain .., /, \\."); } final String attachmentCanonicalPath =
genie-web/src/test/groovy/com/netflix/genie/web/services/impl/LocalFileSystemAttachmentServiceImplSpec.groovy+1 −1 modified@@ -193,7 +193,7 @@ class LocalFileSystemAttachmentServiceImplSpec extends Specification { thrown(IllegalAttachmentFileNameException) } - def "reject attachments with illegal filename is .."() { + def "reject attachments with illegal filename containing .."() { Set<Resource> attachments = new HashSet<Resource>() Resource attachment = Mockito.mock(Resource.class) Mockito.doReturn("..").when(attachment).getFilename()
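Review bot: in LocalFileSystemAttachmentServiceImpl.java, the new `filename.contains("..")` condition has no comment saying which input it is meant to stop that the old `filename.equals("..")` did not, given that the same `if` already rejects any name containing `/` or `\\`. Please record the motivating case next to the condition so the check is not relaxed later. As written it is a substring denylist, so it also rejects names such as `report..v2.csv` that cannot leave the attachment directory; if that is intended, say so in the exception message or the method's documentation. The trailing context begins computing `attachmentCanonicalPath`; a containment check of that canonical path against the attachment directory's canonical path would be the stronger control, with this name filter kept as a second layer. The `if (filename != null)` guard also means a null filename skips the filter entirely, which deserves a comment or a test.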
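Review bot: in LocalFileSystemAttachmentServiceImplSpec.groovy, the renamed test "reject attachments with illegal filename containing .." still mocks the filename as exactly `..` (`Mockito.doReturn("..").when(attachment).getFilename()`), which the previous `equals("..")` check already rejected, so this test passes with or without the Java change and does not cover the new behaviour. Add cases where `..` is embedded in a longer name (prefix, suffix and middle positions), for example through a Spock `where:` table, and assert that each one throws IllegalAttachmentFileNameException. A case for a name with single dots only, which should still be accepted, would pin down the intended boundary of the filter.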
References
- github.com/advisories/GHSA-wpcv-5jgp-69f3 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-4701 (ghsa, ADVISORY)
- github.com/Netflix/genie/commit/6bad017d8078c94e80d6c6fe8abd693910bf55cf (ghsa, WEB)
- github.com/Netflix/genie/pull/1217 (ghsa, WEB)
- github.com/Netflix/genie/releases/tag/v4.3.18 (ghsa, WEB)
- github.com/Netflix/genie/security/advisories/GHSA-wpcv-5jgp-69f3 (ghsa, WEB)
- github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2024-001.md (nvd, WEB)