CVE-2011-4212

Currently unrated

Key Information:

Vendor: Google
Status: App Engine Python Sdk
Vendor: CVE Published:; 30 October 2011

Summary

The sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly prevent os.popen calls, which allows local users to bypass intended access restrictions and execute arbitrary commands via a dev_appserver.RestrictedPathFunction._original_os reference within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364.

References

http://code.google.com/p/googleappengine/wiki/SdkReleaseN...

x_refsource_MISC

http://blog.watchfire.com/files/googleappenginesdk.pdf

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/71063

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Oct 30, 2011
Vulnerability Reserved
Oct 30, 2011

Collectors

NVD DatabaseMitre Database