Cross-Site Request Forgery Vulnerability in Google App Engine Python SDK
CVE-2011-1364

Currently unrated

Key Information:

Vendor: Google
Status: App Engine Python Sdk
Vendor: CVE Published:; 30 October 2011

What is CVE-2011-1364?

A CSRF vulnerability exists in the Interactive Console of the Google App Engine Python SDK prior to version 1.5.4. This flaw allows remote attackers to hijack an administrator's authentication and execute arbitrary Python code by manipulating requests through the code parameter. Attackers can exploit this vulnerability to gain unauthorized access and execute malicious commands within the SDK's environment, potentially compromising the integrity of applications utilizing the affected SDK.

References

http://code.google.com/p/googleappengine/wiki/SdkReleaseN...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/69958

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/50075

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 30, 2011
Vulnerability Reserved
Mar 10, 2011