4 matches found
CVE-2011-1364
CVE-2011-1364 describes a CSRF vulnerability in the Google App Engine Python SDK before 1.5.4, specifically in the Interactive Console at _ah/admin/interactive/execute. The flaw allows remote attackers to hijack administrator authentication for requests that execute arbitrary Python code via the ...
CVE-2011-4213
The CVE-2011-4213 issue affects the Google App Engine Python SDK prior to 1.5.4, where the sandbox/Interactive Console path _ah/admin/interactive/execute is vulnerable to CSRF. The vulnerability allows remote attackers to hijack administrator authentication and execute arbitrary Python code via t...
CVE-2011-4212
CVE-2011-4212 describes a vulnerability in the Google App Engine Python SDK sandbox prior to 1.5.4. The sandbox does not properly prevent os.popen calls, allowing a local attacker to bypass access restrictions and execute arbitrary commands via a dev_appserver.RestrictedPathFunction._...
CVE-2011-4211
The CVE-2011-4211 entry concerns the Google App Engine Python SDK (sandbox) prior to 1.5.4. The vulnerability arises from the FakeFile implementation not properly controlling file openings, allowing local users to bypass intended access restrictions and create arbitrary files by modifying ALLOWED...