Lucene search

[email protected]NVD:CVE-2011-4212

HistoryOct 30, 2011 - 7:55 p.m.

CVE-2011-4212

2011-10-3019:55:01

CWE-264

[email protected]

web.nvd.nist.gov

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

64.5%

JSON

The sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly prevent os.popen calls, which allows local users to bypass intended access restrictions and execute arbitrary commands via a dev_appserver.RestrictedPathFunction._original_os reference within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364.

Affected configurations

NVD

Node

googleapp_engine_python_sdkRange≤1.5.3

googleapp_engine_python_sdkMatch1.0.1

googleapp_engine_python_sdkMatch1.0.2

googleapp_engine_python_sdkMatch1.1.0

googleapp_engine_python_sdkMatch1.1.1

googleapp_engine_python_sdkMatch1.1.2

googleapp_engine_python_sdkMatch1.1.3

googleapp_engine_python_sdkMatch1.1.4

googleapp_engine_python_sdkMatch1.1.5

googleapp_engine_python_sdkMatch1.1.6

googleapp_engine_python_sdkMatch1.1.7

googleapp_engine_python_sdkMatch1.1.8

googleapp_engine_python_sdkMatch1.1.9

googleapp_engine_python_sdkMatch1.2.0

googleapp_engine_python_sdkMatch1.2.1

googleapp_engine_python_sdkMatch1.2.2

googleapp_engine_python_sdkMatch1.2.3

googleapp_engine_python_sdkMatch1.2.4

googleapp_engine_python_sdkMatch1.2.5

googleapp_engine_python_sdkMatch1.2.6

googleapp_engine_python_sdkMatch1.2.7

googleapp_engine_python_sdkMatch1.3.0

googleapp_engine_python_sdkMatch1.3.1

googleapp_engine_python_sdkMatch1.3.2

googleapp_engine_python_sdkMatch1.3.3

googleapp_engine_python_sdkMatch1.3.4

googleapp_engine_python_sdkMatch1.3.5

googleapp_engine_python_sdkMatch1.3.6

googleapp_engine_python_sdkMatch1.3.7

googleapp_engine_python_sdkMatch1.3.8

googleapp_engine_python_sdkMatch1.4.0

googleapp_engine_python_sdkMatch1.4.1

googleapp_engine_python_sdkMatch1.4.2

googleapp_engine_python_sdkMatch1.4.3

googleapp_engine_python_sdkMatch1.5.0

googleapp_engine_python_sdkMatch1.5.1

googleapp_engine_python_sdkMatch1.5.2

References

blog.watchfire.com/files/googleappenginesdk.pdf

code.google.com/p/googleappengine/wiki/SdkReleaseNotes

exchange.xforce.ibmcloud.com/vulnerabilities/71063

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

64.5%

JSON

Related for NVD:CVE-2011-4212

prion4 cvelist4 cve4 nvd3 securityvulns2