CVE-2011-1364

Currently unrated

Key Information:

Vendor: Google
Status: App Engine Python Sdk
Vendor: CVE Published:; 30 October 2011

Summary

Cross-site request forgery (CSRF) vulnerability in _ah/admin/interactive/execute (aka the Interactive Console) in the SDK Console (aka Admin Console) in the Google App Engine Python SDK before 1.5.4 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary Python code via the code parameter.

References

http://code.google.com/p/googleappengine/wiki/SdkReleaseN...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/69958

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/50075

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Oct 30, 2011
Vulnerability Reserved
Mar 10, 2011

Collectors

NVD DatabaseMitre Database