CVE-2011-1364

Google App Engine Python SDK < 1.5.4 - Cross-Site Request Forgery via Interactive Console

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in _ah/admin/interactive/execute (aka the Interactive Console) in the SDK Console (aka Admin Console) in the Google App Engine Python SDK before 1.5.4 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary Python code via the code parameter.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/69958
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/50075

Scores

EPSS 0.0050
EPSS Percentile 39.0%

Details

CWE
CWE-352
Status published
Products (37)
google/app_engine_python_sdk 1.0.1
google/app_engine_python_sdk 1.0.2
google/app_engine_python_sdk 1.1.0
google/app_engine_python_sdk 1.1.1
google/app_engine_python_sdk 1.1.2
google/app_engine_python_sdk 1.1.3
google/app_engine_python_sdk 1.1.4
google/app_engine_python_sdk 1.1.5
google/app_engine_python_sdk 1.1.6
google/app_engine_python_sdk 1.1.7
... and 27 more
Published Oct 30, 2011
Tracked Since Feb 18, 2026