CVE-2011-1364

Severity
6.8 MEDIUM
EPSS
0.1%
top 64.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Oct 30
Latest update: May 17

Description

Cross-site request forgery (CSRF) vulnerability in _ah/admin/interactive/execute (aka the Interactive Console) in the SDK Console (aka Admin Console) in the Google App Engine Python SDK before 1.5.4 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary Python code via the code parameter.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages: 1 package

Patches

🔴Vulnerability Details

2
GHSA
GHSA-7842-gcxf-cmg8: Cross-site request forgery (CSRF) vulnerability in _ah/admin/interactive/execute (aka the Interactive Console) in the SDK Console (aka Admin Console) 2022-05-17
CVEList
CVE-2011-1364: Cross-site request forgery (CSRF) vulnerability in _ah/admin/interactive/execute (aka the Interactive Console) in the SDK Console (aka Admin Console) 2011-10-30