Lucene search

PRIOn knowledge basePRION:CVE-2011-4213

HistoryOct 30, 2011 - 7:55 p.m.

Design/Logic Flaw

2011-10-3019:55:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

64.5%

JSON

The sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly prevent use of the os module, which allows local users to bypass intended access restrictions and execute arbitrary commands via a file_blob_storage.os reference within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364.

CPENameOperatorVersion
app_engine_python_sdklt1.5.4

CPE	Name	Operator	Version
	app_engine_python_sdk	lt	1.5.4

References

blog.watchfire.com/files/googleappenginesdk.pdf

code.google.com/p/googleappengine/wiki/SdkReleaseNotes

exchange.xforce.ibmcloud.com/vulnerabilities/71062

7.3 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

64.5%

JSON

Related for PRION:CVE-2011-4213