Access Bypass in Google App Engine Python SDK
CVE-2011-4213

Currently unrated

Key Information:

Vendor: Google
CVE Published: 30 October 2011

Summary

The sandbox environment in the Google App Engine Python SDK prior to version 1.5.4 does not properly restrict use of the os module. Local users can bypass the intended access restrictions and execute arbitrary commands by passing a specially crafted file_blob_storage.os reference in the code parameter to _ah/admin/interactive/execute.
