CVE-2011-1364
Google App Engine Python SDK < 1.5.4 - Cross-Site Request Forgery via Interactive Console
Title source: llmDescription
Cross-site request forgery (CSRF) vulnerability in _ah/admin/interactive/execute (aka the Interactive Console) in the SDK Console (aka Admin Console) in the Google App Engine Python SDK before 1.5.4 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary Python code via the code parameter.
References (4)
Core 4
Core References
Patch x_refsource_misc
http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/69958
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/50075
Exploit x_refsource_misc
http://blog.watchfire.com/files/googleappenginesdk.pdf
Scores
EPSS
0.0050
EPSS Percentile
39.0%
Details
CWE
CWE-352
Status
published
Products (37)
google/app_engine_python_sdk
1.0.1
google/app_engine_python_sdk
1.0.2
google/app_engine_python_sdk
1.1.0
google/app_engine_python_sdk
1.1.1
google/app_engine_python_sdk
1.1.2
google/app_engine_python_sdk
1.1.3
google/app_engine_python_sdk
1.1.4
google/app_engine_python_sdk
1.1.5
google/app_engine_python_sdk
1.1.6
google/app_engine_python_sdk
1.1.7
... and 27 more
Published
Oct 30, 2011
Tracked Since
Feb 18, 2026