CVE-2011-4213

CWE-2643 documents3 sources
Severity
7.2HIGH
EPSS
0.0%
top 89.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google APP Engine Python SDK
Timeline
PublishedOct 30
Latest updateMay 14

Description

The sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly prevent use of the os module, which allows local users to bypass intended access restrictions and execute arbitrary commands via a file_blob_storage.os reference within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

Patches

Patch: code.google.comPatch: code.google.com

🔴Vulnerability Details

2
GHSA
GHSA-9q65-7pm8-2hp2: The sandbox environment in the Google App Engine Python SDK before 12022-05-14
CVEList
CVE-2011-4213: The sandbox environment in the Google App Engine Python SDK before 12011-10-30
CVE-2011-4213 (HIGH CVSS 7.2) | The sandbox environment in the Goog | cvebase.io