CVE-2011-1364
Google App Engine Code Execution
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Cross-site request forgery (CSRF) vulnerability in _ah/admin/interactive/execute (aka the Interactive Console) in the SDK Console (aka Admin Console) in the Google App Engine Python SDK before 1.5.4 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary Python code via the code parameter.
Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF)en _ah/admin/interactive/execute (también conocido como Interactive Console) en SDK Console (también Admin Console) en Google App Engine Python SDK anterior a v1.5.4 permite a atacantes remotos secuestrar la autenticación de administradores para las peticiones que ejecutar código arbitrario a través de Python el parámetro "code".
The Google App Engine SDK for Python suffers from a code execution vulnerability that can be leveraged by a CSRF vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-03-10 CVE Reserved
- 2011-10-12 CVE Published
- 2023-11-18 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/50075 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/69958 | Vdb Entry |
URL | Date | SRC |
---|---|---|
http://blog.watchfire.com/files/googleappenginesdk.pdf | 2024-08-06 |
URL | Date | SRC |
---|---|---|
http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes | 2017-08-17 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Google Search vendor "Google" | App Engine Python Sdk Search vendor "Google" for product "App Engine Python Sdk" | <= 1.5.3 Search vendor "Google" for product "App Engine Python Sdk" and version " <= 1.5.3" | - |
Affected
| ||||||
Google Search vendor "Google" | App Engine Python Sdk Search vendor "Google" for product "App Engine Python Sdk" | 1.0.1 Search vendor "Google" for product "App Engine Python Sdk" and version "1.0.1" | - |
Affected
| ||||||
Google Search vendor "Google" | App Engine Python Sdk Search vendor "Google" for product "App Engine Python Sdk" | 1.0.2 Search vendor "Google" for product "App Engine Python Sdk" and version "1.0.2" | - |
Affected
| ||||||
Google Search vendor "Google" | App Engine Python Sdk Search vendor "Google" for product "App Engine Python Sdk" | 1.1.0 Search vendor "Google" for product "App Engine Python Sdk" and version "1.1.0" | - |
Affected
| ||||||
Google Search vendor "Google" | App Engine Python Sdk Search vendor "Google" for product "App Engine Python Sdk" | 1.1.1 Search vendor "Google" for product "App Engine Python Sdk" and version "1.1.1" | - |
Affected
| ||||||
Google Search vendor "Google" | App Engine Python Sdk Search vendor "Google" for product "App Engine Python Sdk" | 1.1.2 Search vendor "Google" for product "App Engine Python Sdk" and version "1.1.2" | - |
Affected
| ||||||
Google Search vendor "Google" | App Engine Python Sdk Search vendor "Google" for product "App Engine Python Sdk" | 1.1.3 Search vendor "Google" for product "App Engine Python Sdk" and version "1.1.3" | - |
Affected
| ||||||
Google Search vendor "Google" | App Engine Python Sdk Search vendor "Google" for product "App Engine Python Sdk" | 1.1.4 Search vendor "Google" for product "App Engine Python Sdk" and version "1.1.4" | - |
Affected
| ||||||
Google Search vendor "Google" | App Engine Python Sdk Search vendor "Google" for product "App Engine Python Sdk" | 1.1.5 Search vendor "Google" for product "App Engine Python Sdk" and version "1.1.5" | - |
Affected
| ||||||
Google Search vendor "Google" | App Engine Python Sdk Search vendor "Google" for product "App Engine Python Sdk" | 1.1.6 Search vendor "Google" for product "App Engine Python Sdk" and version "1.1.6" | - |
Affected
| ||||||
Google Search vendor "Google" | App Engine Python Sdk Search vendor "Google" for product "App Engine Python Sdk" | 1.1.7 Search vendor "Google" for product "App Engine Python Sdk" and version "1.1.7" | - |
Affected
| ||||||
Google Search vendor "Google" | App Engine Python Sdk Search vendor "Google" for product "App Engine Python Sdk" | 1.1.8 Search vendor "Google" for product "App Engine Python Sdk" and version "1.1.8" | - |
Affected
| ||||||
Google Search vendor "Google" | App Engine Python Sdk Search vendor "Google" for product "App Engine Python Sdk" | 1.1.9 Search vendor "Google" for product "App Engine Python Sdk" and version "1.1.9" | - |
Affected
| ||||||
Google Search vendor "Google" | App Engine Python Sdk Search vendor "Google" for product "App Engine Python Sdk" | 1.2.0 Search vendor "Google" for product "App Engine Python Sdk" and version "1.2.0" | - |
Affected
| ||||||
Google Search vendor "Google" | App Engine Python Sdk Search vendor "Google" for product "App Engine Python Sdk" | 1.2.1 Search vendor "Google" for product "App Engine Python Sdk" and version "1.2.1" | - |
Affected
| ||||||
Google Search vendor "Google" | App Engine Python Sdk Search vendor "Google" for product "App Engine Python Sdk" | 1.2.2 Search vendor "Google" for product "App Engine Python Sdk" and version "1.2.2" | - |
Affected
| ||||||
Google Search vendor "Google" | App Engine Python Sdk Search vendor "Google" for product "App Engine Python Sdk" | 1.2.3 Search vendor "Google" for product "App Engine Python Sdk" and version "1.2.3" | - |
Affected
| ||||||
Google Search vendor "Google" | App Engine Python Sdk Search vendor "Google" for product "App Engine Python Sdk" | 1.2.4 Search vendor "Google" for product "App Engine Python Sdk" and version "1.2.4" | - |
Affected
| ||||||
Google Search vendor "Google" | App Engine Python Sdk Search vendor "Google" for product "App Engine Python Sdk" | 1.2.5 Search vendor "Google" for product "App Engine Python Sdk" and version "1.2.5" | - |
Affected
| ||||||
Google Search vendor "Google" | App Engine Python Sdk Search vendor "Google" for product "App Engine Python Sdk" | 1.2.6 Search vendor "Google" for product "App Engine Python Sdk" and version "1.2.6" | - |
Affected
| ||||||
Google Search vendor "Google" | App Engine Python Sdk Search vendor "Google" for product "App Engine Python Sdk" | 1.2.7 Search vendor "Google" for product "App Engine Python Sdk" and version "1.2.7" | - |
Affected
| ||||||
Google Search vendor "Google" | App Engine Python Sdk Search vendor "Google" for product "App Engine Python Sdk" | 1.3.0 Search vendor "Google" for product "App Engine Python Sdk" and version "1.3.0" | - |
Affected
| ||||||
Google Search vendor "Google" | App Engine Python Sdk Search vendor "Google" for product "App Engine Python Sdk" | 1.3.1 Search vendor "Google" for product "App Engine Python Sdk" and version "1.3.1" | - |
Affected
| ||||||
Google Search vendor "Google" | App Engine Python Sdk Search vendor "Google" for product "App Engine Python Sdk" | 1.3.2 Search vendor "Google" for product "App Engine Python Sdk" and version "1.3.2" | - |
Affected
| ||||||
Google Search vendor "Google" | App Engine Python Sdk Search vendor "Google" for product "App Engine Python Sdk" | 1.3.3 Search vendor "Google" for product "App Engine Python Sdk" and version "1.3.3" | - |
Affected
| ||||||
Google Search vendor "Google" | App Engine Python Sdk Search vendor "Google" for product "App Engine Python Sdk" | 1.3.4 Search vendor "Google" for product "App Engine Python Sdk" and version "1.3.4" | - |
Affected
| ||||||
Google Search vendor "Google" | App Engine Python Sdk Search vendor "Google" for product "App Engine Python Sdk" | 1.3.5 Search vendor "Google" for product "App Engine Python Sdk" and version "1.3.5" | - |
Affected
| ||||||
Google Search vendor "Google" | App Engine Python Sdk Search vendor "Google" for product "App Engine Python Sdk" | 1.3.6 Search vendor "Google" for product "App Engine Python Sdk" and version "1.3.6" | - |
Affected
| ||||||
Google Search vendor "Google" | App Engine Python Sdk Search vendor "Google" for product "App Engine Python Sdk" | 1.3.7 Search vendor "Google" for product "App Engine Python Sdk" and version "1.3.7" | - |
Affected
| ||||||
Google Search vendor "Google" | App Engine Python Sdk Search vendor "Google" for product "App Engine Python Sdk" | 1.3.8 Search vendor "Google" for product "App Engine Python Sdk" and version "1.3.8" | - |
Affected
| ||||||
Google Search vendor "Google" | App Engine Python Sdk Search vendor "Google" for product "App Engine Python Sdk" | 1.4.0 Search vendor "Google" for product "App Engine Python Sdk" and version "1.4.0" | - |
Affected
| ||||||
Google Search vendor "Google" | App Engine Python Sdk Search vendor "Google" for product "App Engine Python Sdk" | 1.4.1 Search vendor "Google" for product "App Engine Python Sdk" and version "1.4.1" | - |
Affected
| ||||||
Google Search vendor "Google" | App Engine Python Sdk Search vendor "Google" for product "App Engine Python Sdk" | 1.4.2 Search vendor "Google" for product "App Engine Python Sdk" and version "1.4.2" | - |
Affected
| ||||||
Google Search vendor "Google" | App Engine Python Sdk Search vendor "Google" for product "App Engine Python Sdk" | 1.4.3 Search vendor "Google" for product "App Engine Python Sdk" and version "1.4.3" | - |
Affected
| ||||||
Google Search vendor "Google" | App Engine Python Sdk Search vendor "Google" for product "App Engine Python Sdk" | 1.5.0 Search vendor "Google" for product "App Engine Python Sdk" and version "1.5.0" | - |
Affected
| ||||||
Google Search vendor "Google" | App Engine Python Sdk Search vendor "Google" for product "App Engine Python Sdk" | 1.5.1 Search vendor "Google" for product "App Engine Python Sdk" and version "1.5.1" | - |
Affected
| ||||||
Google Search vendor "Google" | App Engine Python Sdk Search vendor "Google" for product "App Engine Python Sdk" | 1.5.2 Search vendor "Google" for product "App Engine Python Sdk" and version "1.5.2" | - |
Affected
|