What is the severity of CVE-2011-4211?

CVE-2011-4211 is classified as a medium severity vulnerability.

How do I fix CVE-2011-4211?

To fix CVE-2011-4211, upgrade to Google App Engine Python SDK version 1.5.4 or later.

What are the affected versions for CVE-2011-4211?

CVE-2011-4211 affects versions of Google App Engine Python SDK prior to 1.5.4.

What type of vulnerability is CVE-2011-4211?

CVE-2011-4211 is a file access control vulnerability in the Google App Engine Python SDK.

Who is impacted by CVE-2011-4211?

Local users with access to the Google App Engine Python SDK versions mentioned can exploit CVE-2011-4211.

Vulnerability/
CVE-2011-4211

high

7.2

CWE

264

30/10/2011

7/8/2024

CVE-2011-4211

First published: Sun Oct 30 2011(Updated: )

The FakeFile implementation in the sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly control the opening of files, which allows local users to bypass intended access restrictions and create arbitrary files via ALLOWED_MODES and ALLOWED_DIRS changes within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Google App Engine Python SDK	=1.4.3
Google App Engine Python SDK	=1.1.5
Google App Engine Python SDK	=1.3.4
Google App Engine Python SDK	=1.2.6
Google App Engine Python SDK	=1.2.2
Google App Engine Python SDK	=1.2.7
Google App Engine Python SDK	=1.1.7
Google App Engine Python SDK	=1.0.2
Google App Engine Python SDK	=1.1.3
Google App Engine Python SDK	=1.5.2
Google App Engine Python SDK	=1.1.0
Google App Engine Python SDK	=1.3.1
Google App Engine Python SDK	<=1.5.3
Google App Engine Python SDK	=1.0.1
Google App Engine Python SDK	=1.4.0
Google App Engine Python SDK	=1.1.2
Google App Engine Python SDK	=1.3.8
Google App Engine Python SDK	=1.3.3
Google App Engine Python SDK	=1.2.5
Google App Engine Python SDK	=1.2.0
Google App Engine Python SDK	=1.1.8
Google App Engine Python SDK	=1.1.9
Google App Engine Python SDK	=1.3.7
Google App Engine Python SDK	=1.3.2
Google App Engine Python SDK	=1.2.4
Google App Engine Python SDK	=1.2.1
Google App Engine Python SDK	=1.4.1
Google App Engine Python SDK	=1.2.3
Google App Engine Python SDK	=1.1.4
Google App Engine Python SDK	=1.5.1
Google App Engine Python SDK	=1.3.0
Google App Engine Python SDK	=1.3.6
Google App Engine Python SDK	=1.3.5
Google App Engine Python SDK	=1.1.1
Google App Engine Python SDK	=1.1.6
Google App Engine Python SDK	=1.5.0
Google App Engine Python SDK	=1.4.2

Remedy

http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2011-4211?
CVE-2011-4211 is classified as a medium severity vulnerability.
How do I fix CVE-2011-4211?
To fix CVE-2011-4211, upgrade to Google App Engine Python SDK version 1.5.4 or later.
What are the affected versions for CVE-2011-4211?
CVE-2011-4211 affects versions of Google App Engine Python SDK prior to 1.5.4.
What type of vulnerability is CVE-2011-4211?
CVE-2011-4211 is a file access control vulnerability in the Google App Engine Python SDK.
Who is impacted by CVE-2011-4211?
Local users with access to the Google App Engine Python SDK versions mentioned can exploit CVE-2011-4211.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/remedy
agent/author
agent/weakness
agent/last-modified-date
agent/first-publish-date
agent/description
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
vendor/google
canonical/google app engine python sdk
version/google app engine python sdk/1.5.3
version/google app engine python sdk/1.0.1
version/google app engine python sdk/1.0.2
version/google app engine python sdk/1.1.0
version/google app engine python sdk/1.1.1
version/google app engine python sdk/1.1.2
version/google app engine python sdk/1.1.3
version/google app engine python sdk/1.1.4
version/google app engine python sdk/1.1.5
version/google app engine python sdk/1.1.6
version/google app engine python sdk/1.1.7
version/google app engine python sdk/1.1.8
version/google app engine python sdk/1.1.9
version/google app engine python sdk/1.2.0
version/google app engine python sdk/1.2.1
version/google app engine python sdk/1.2.2
version/google app engine python sdk/1.2.3
version/google app engine python sdk/1.2.4
version/google app engine python sdk/1.2.5
version/google app engine python sdk/1.2.6
version/google app engine python sdk/1.2.7
version/google app engine python sdk/1.3.0
version/google app engine python sdk/1.3.1
version/google app engine python sdk/1.3.2
version/google app engine python sdk/1.3.3
version/google app engine python sdk/1.3.4
version/google app engine python sdk/1.3.5
version/google app engine python sdk/1.3.6
version/google app engine python sdk/1.3.7
version/google app engine python sdk/1.3.8
version/google app engine python sdk/1.4.0
version/google app engine python sdk/1.4.1
version/google app engine python sdk/1.4.2
version/google app engine python sdk/1.4.3
version/google app engine python sdk/1.5.0
version/google app engine python sdk/1.5.1
version/google app engine python sdk/1.5.2