CVE-2011-1364: CSRF

First published: Sun Oct 30 2011(Updated: )

Cross-site request forgery (CSRF) vulnerability in _ah/admin/interactive/execute (aka the Interactive Console) in the SDK Console (aka Admin Console) in the Google App Engine Python SDK before 1.5.4 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary Python code via the code parameter.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Google App Engine Python SDK	=1.4.3
Google App Engine Python SDK	=1.1.5
Google App Engine Python SDK	=1.3.4
Google App Engine Python SDK	=1.2.6
Google App Engine Python SDK	=1.2.2
Google App Engine Python SDK	=1.2.7
Google App Engine Python SDK	=1.1.7
Google App Engine Python SDK	=1.0.2
Google App Engine Python SDK	=1.1.3
Google App Engine Python SDK	=1.5.2
Google App Engine Python SDK	=1.1.0
Google App Engine Python SDK	=1.3.1
Google App Engine Python SDK	<=1.5.3
Google App Engine Python SDK	=1.0.1
Google App Engine Python SDK	=1.4.0
Google App Engine Python SDK	=1.1.2
Google App Engine Python SDK	=1.3.8
Google App Engine Python SDK	=1.3.3
Google App Engine Python SDK	=1.2.5
Google App Engine Python SDK	=1.2.0
Google App Engine Python SDK	=1.1.8
Google App Engine Python SDK	=1.1.9
Google App Engine Python SDK	=1.3.7
Google App Engine Python SDK	=1.3.2
Google App Engine Python SDK	=1.2.4
Google App Engine Python SDK	=1.2.1
Google App Engine Python SDK	=1.4.1
Google App Engine Python SDK	=1.2.3
Google App Engine Python SDK	=1.1.4
Google App Engine Python SDK	=1.5.1
Google App Engine Python SDK	=1.3.0
Google App Engine Python SDK	=1.3.6
Google App Engine Python SDK	=1.3.5
Google App Engine Python SDK	=1.1.1
Google App Engine Python SDK	=1.1.6
Google App Engine Python SDK	=1.5.0
Google App Engine Python SDK	=1.4.2

Remedy

http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes

Never miss a vulnerability like this again

Reference Links

collector/nvd-historical
collector/nvd-index
agent/weakness
agent/references
agent/severity
agent/author
agent/type
agent/description
agent/event
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
agent/remedy
agent/tags
collector/mitre-cve
source/MITRE
vendor/google
canonical/google app engine python sdk
version/google app engine python sdk/1.4.3
version/google app engine python sdk/1.1.5
version/google app engine python sdk/1.3.4
version/google app engine python sdk/1.2.6
version/google app engine python sdk/1.2.2
version/google app engine python sdk/1.2.7
version/google app engine python sdk/1.1.7
version/google app engine python sdk/1.0.2
version/google app engine python sdk/1.1.3
version/google app engine python sdk/1.5.2
version/google app engine python sdk/1.1.0
version/google app engine python sdk/1.3.1
version/google app engine python sdk/1.5.3
version/google app engine python sdk/1.0.1
version/google app engine python sdk/1.4.0
version/google app engine python sdk/1.1.2
version/google app engine python sdk/1.3.8
version/google app engine python sdk/1.3.3
version/google app engine python sdk/1.2.5
version/google app engine python sdk/1.2.0
version/google app engine python sdk/1.1.8
version/google app engine python sdk/1.1.9
version/google app engine python sdk/1.3.7
version/google app engine python sdk/1.3.2
version/google app engine python sdk/1.2.4
version/google app engine python sdk/1.2.1
version/google app engine python sdk/1.4.1
version/google app engine python sdk/1.2.3
version/google app engine python sdk/1.1.4
version/google app engine python sdk/1.5.1
version/google app engine python sdk/1.3.0
version/google app engine python sdk/1.3.6
version/google app engine python sdk/1.3.5
version/google app engine python sdk/1.1.1
version/google app engine python sdk/1.1.6
version/google app engine python sdk/1.5.0
version/google app engine python sdk/1.4.2

CVE-2011-1364: CSRF

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact