CVE-2011-4213

Published: Oct 30, 2011Modified: Apr 29, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

The sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly prevent use of the os module, which allows local users to bypass intended access restrictions and execute arbitrary commands via a file_blob_storage.os reference within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364.

Affected (1)

Products: Google: App Engine Python Sdk

1 product

App Engine Python Sdk

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google App Engine Python Sdk	Before 1.5.4

Related CWEs

References (6)

http://blog.watchfire.com/files/googleappenginesdk.pdf

Source: cve@mitre.org

Exploit

http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes

Source: cve@mitre.org

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/71062

Source: cve@mitre.org

VDB Entry

http://blog.watchfire.com/files/googleappenginesdk.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/71062

Source: af854a3a-2127-422b-91ae-364da2661108

VDB Entry

Timeline

No history available yet.