Access Bypass in Google App Engine Python SDK
CVE-2011-4213

Currently unrated

Key Information:

Vendor: Google

CVE Published: 30 October 2011

What is CVE-2011-4213?

The Google App Engine Python SDK before version 1.5.4 contains a vulnerability in its sandbox environment: the implementation does not properly prevent use of the os module. Local users can bypass the intended access restrictions and execute arbitrary commands by placing a file_blob_storage.os reference in the code parameter sent to _ah/admin/interactive/execute.
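The flaw class described above is a restricted module staying reachable as an attribute of a module the sandbox permits. The following audit sketch is an added example, not code from the SDK or from this advisory: it walks the module attributes of an allow-list and reports every dotted path that ends at a restricted module. The stand-in modules and the names demo_wrapper and demo_clean are constructed assumptions; the SDK's real sandbox internals are not shown on this page.

```python
import os
import types


def find_module_leaks(allowed, restricted, max_depth=3):
    """Return sorted (dotted_path, restricted_name) pairs for every restricted
    module object reachable through module attributes of the allowed modules."""
    restricted_ids = {id(m): m.__name__ for m in restricted}
    leaks = []
    stack = [(m.__name__, m, 0) for m in allowed]
    while stack:
        path, mod, depth = stack.pop()
        if depth >= max_depth:
            continue  # depth bound also terminates cyclic module references
        for name, value in vars(mod).items():
            if not isinstance(value, types.ModuleType):
                continue  # functions and constants do not hand out the module
            child = f"{path}.{name}"
            if id(value) in restricted_ids:
                leaks.append((child, restricted_ids[id(value)]))
            else:
                stack.append((child, value, depth + 1))  # follow indirect paths
    return sorted(leaks)


def build_demo_modules():
    """Constructed stand-ins (assumption): not the SDK's real modules."""
    leaky = types.ModuleType("file_blob_storage")
    leaky.os = os  # what a module-level "import os" leaves behind
    wrapper = types.ModuleType("demo_wrapper")  # hypothetical name
    wrapper.file_blob_storage = leaky  # same leak, one hop further away
    clean = types.ModuleType("demo_clean")  # hypothetical name
    clean.join = os.path.join  # exposes a function only, not the module
    return [leaky, wrapper, clean]


if __name__ == "__main__":
    for path, target in find_module_leaks(build_demo_modules(), [os]):
        print(f"LEAK: {path} -> restricted module '{target}'")
```

Any path the audit reports means sandboxed code can obtain the restricted module without importing it, so an import hook alone is not sufficient; the attribute has to be removed or the module wrapped.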
