CVE-2011-4211 - Vulnerability Details

Vendors	Products
Google	App Engine Python Sdk

Link	Providers
http://blog.watchfire.com/files/googleappenginesdk.pdf
http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes
http://www.securityfocus.com/bid/50464
https://exchange.xforce.ibmcloud.com/vulnerabilities/71064

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-10-11T00:00:00", "descriptions": [{"lang": "en", "value": "The FakeFile implementation in the sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly control the opening of files, which allows local users to bypass intended access restrictions and create arbitrary files via ALLOWED_MODES and ALLOWED_DIRS changes within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes"}, {"name": "google-app-fakefile-priv-esc(71064)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71064"}, {"tags": ["x_refsource_MISC"], "url": "http://blog.watchfire.com/files/googleappenginesdk.pdf"}, {"name": "50464", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/50464"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-4211", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The FakeFile implementation in the sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly control the opening of files, which allows local users to bypass intended access restrictions and create arbitrary files via ALLOWED_MODES and ALLOWED_DIRS changes within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes", "refsource": "MISC", "url": "http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes"}, {"name": "google-app-fakefile-priv-esc(71064)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71064"}, {"name": "http://blog.watchfire.com/files/googleappenginesdk.pdf", "refsource": "MISC", "url": "http://blog.watchfire.com/files/googleappenginesdk.pdf"}, {"name": "50464", "refsource": "BID", "url": "http://www.securityfocus.com/bid/50464"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:01:50.977Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes"}, {"name": "google-app-fakefile-priv-esc(71064)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71064"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blog.watchfire.com/files/googleappenginesdk.pdf"}, {"name": "50464", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/50464"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-4211", "datePublished": "2011-10-30T19:00:00", "dateReserved": "2011-10-30T00:00:00", "dateUpdated": "2024-08-07T00:01:50.977Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2011-10-11T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : The FakeFile implementation in the sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly control the opening of files, which allows local users to bypass intended access restrictions and create arbitrary files via ALLOWED_MODES and ALLOWED_DIRS changes within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-08-28T12:57:01 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes (string)

}

1 : { »

name : google-app-fakefile-priv-esc(71064) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/71064 (string)

}

2 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : http://blog.watchfire.com/files/googleappenginesdk.pdf (string)

}

3 : { »

name : 50464 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/50464 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2011-4211 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The FakeFile implementation in the sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly control the opening of files, which allows local users to bypass intended access restrictions and create arbitrary files via ALLOWED_MODES and ALLOWED_DIRS changes within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes (string)

refsource : MISC (string)

url : http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes (string)

}

1 : { »

name : google-app-fakefile-priv-esc(71064) (string)

refsource : XF (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/71064 (string)

}

2 : { »

name : http://blog.watchfire.com/files/googleappenginesdk.pdf (string)

refsource : MISC (string)

url : http://blog.watchfire.com/files/googleappenginesdk.pdf (string)

}

3 : { »

name : 50464 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/50464 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-07T00:01:50.977Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes (string)

}

1 : { »

name : google-app-fakefile-priv-esc(71064) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

2 : x_transferred (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/71064 (string)

}

2 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : http://blog.watchfire.com/files/googleappenginesdk.pdf (string)

}

3 : { »

name : 50464 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/50464 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2011-4211 (string)

datePublished : 2011-10-30T19:00:00 (string)

dateReserved : 2011-10-30T00:00:00 (string)

dateUpdated : 2024-08-07T00:01:50.977Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:app_engine_python_sdk:*:*:*:*:*:*:*:*", "matchCriteriaId": "B180320A-31A2-4944-9237-8BA7420F607F", "versionEndIncluding": "1.5.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "418F092D-7DCC-4CF6-BE21-90A9E635DB29", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A802984F-7EB3-426A-B829-DE77BD54D0A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F29B1A84-A9C9-424D-9CAE-82D8D81388EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A5E098ED-71C0-45BE-8607-7FCE6604155F", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EB6A1B5-9884-4C87-A568-015F6471E80F", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B6488791-DB99-474A-AE2E-9EC5B7EED80A", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "08C5B802-51C1-4544-8DBF-E2ACF5F23981", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "F5F9EB0C-D15B-4C8A-B2D1-899738AB587A", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "9B8002EF-0B6E-4B06-814F-BD0FB259EE2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "B7DD00F8-C815-4144-A230-8024C5337ECB", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "DB94D124-3EB3-4060-A0F4-710A5EA881E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "A76BC88A-C6AC-4A26-9D01-EDCB95455B5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "94A92AB1-CBF6-4DD1-9CF5-83043828A6C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D203CA1-F53B-4D34-80D8-D86C180D0328", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A963A0BF-C8F2-49EA-BBAC-B029B8E093FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "9D7B090E-F65F-4FC9-88FE-44A928CFD9DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "2BF95B31-ED3B-4D51-82E4-9EA666D9D2E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "88354A89-1CFD-4758-8AD0-85443E251B9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "9C7D8D57-E599-476C-BF75-2D0905E29FCE", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "EA34B527-47AE-4187-B50A-BF6AC6CFE913", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "662EF41D-0DBE-466C-87F7-CA126099A737", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5DA449B-81EF-4746-A626-E545B2B21B87", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "2E6F72E0-D32A-4995-8C5A-3B7E71908DCE", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "D48D7C01-07EA-4628-A975-E418705F8DD7", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "4CC602DA-5413-415F-B388-C48F35511124", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "2526A4F7-777B-4186-B882-C8133DBE6F15", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "427C84D8-3120-4782-AB6F-5125419313A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "B92FB779-4C11-4DE1-901D-B86AACDD8657", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "336FF655-214F-49DA-AE27-C8DEA07074E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A4985C56-1E3C-4AC5-AE1C-609D46DF2266", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "F27B63FC-B939-44AA-8CB5-8FD48CD78F00", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "55284E5B-F681-4691-98C7-5BC7259A7417", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "7845EF6F-6E92-4200-AF9C-F0F738DDF4E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "9856F64E-AF14-40C8-BC3D-E63627BF00C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "A85D7A70-C071-4A00-8E1E-DB0DE933494E", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "CA99DEEB-515E-4C19-B56A-11F5E7095306", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The FakeFile implementation in the sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly control the opening of files, which allows local users to bypass intended access restrictions and create arbitrary files via ALLOWED_MODES and ALLOWED_DIRS changes within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364."}, {"lang": "es", "value": "La implementaci\u00f3n FakeFile en el entorno de ejecuci\u00f3n controlada en Google App Engine Python SDK anterior a v1.5.4 no controla adecuadamente la apertura de archivos, que permite a usuarios locales eludir restricciones de acceso y crear archivos de su elecci\u00f3n a trav\u00e9s de ALLOWED_MODES y cambios ALLOWED_DIRS dentro del par\u00e1metro \"code\" en _ah/admin/interactive/Execute, una vulnerabilidad diferente a CVE-2011-1364."}], "id": "CVE-2011-4211", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-10-30T19:55:00.960", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://blog.watchfire.com/files/googleappenginesdk.pdf"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/50464"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71064"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://blog.watchfire.com/files/googleappenginesdk.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/50464"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71064"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:google:app_engine_python_sdk:*:*:*:*:*:*:*:* (string)

matchCriteriaId : B180320A-31A2-4944-9237-8BA7420F607F (string)

versionEndIncluding : 1.5.3 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:google:app_engine_python_sdk:1.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 418F092D-7DCC-4CF6-BE21-90A9E635DB29 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:google:app_engine_python_sdk:1.0.2:*:*:*:*:*:*:* (string)

matchCriteriaId : A802984F-7EB3-426A-B829-DE77BD54D0A7 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:google:app_engine_python_sdk:1.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : F29B1A84-A9C9-424D-9CAE-82D8D81388EC (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:google:app_engine_python_sdk:1.1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : A5E098ED-71C0-45BE-8607-7FCE6604155F (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:google:app_engine_python_sdk:1.1.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 4EB6A1B5-9884-4C87-A568-015F6471E80F (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:google:app_engine_python_sdk:1.1.3:*:*:*:*:*:*:* (string)

matchCriteriaId : B6488791-DB99-474A-AE2E-9EC5B7EED80A (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:google:app_engine_python_sdk:1.1.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 08C5B802-51C1-4544-8DBF-E2ACF5F23981 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:google:app_engine_python_sdk:1.1.5:*:*:*:*:*:*:* (string)

matchCriteriaId : F5F9EB0C-D15B-4C8A-B2D1-899738AB587A (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:google:app_engine_python_sdk:1.1.6:*:*:*:*:*:*:* (string)

matchCriteriaId : 9B8002EF-0B6E-4B06-814F-BD0FB259EE2B (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:google:app_engine_python_sdk:1.1.7:*:*:*:*:*:*:* (string)

matchCriteriaId : B7DD00F8-C815-4144-A230-8024C5337ECB (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:google:app_engine_python_sdk:1.1.8:*:*:*:*:*:*:* (string)

matchCriteriaId : DB94D124-3EB3-4060-A0F4-710A5EA881E7 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:google:app_engine_python_sdk:1.1.9:*:*:*:*:*:*:* (string)

matchCriteriaId : A76BC88A-C6AC-4A26-9D01-EDCB95455B5E (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:google:app_engine_python_sdk:1.2.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 94A92AB1-CBF6-4DD1-9CF5-83043828A6C3 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:google:app_engine_python_sdk:1.2.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 0D203CA1-F53B-4D34-80D8-D86C180D0328 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:google:app_engine_python_sdk:1.2.2:*:*:*:*:*:*:* (string)

matchCriteriaId : A963A0BF-C8F2-49EA-BBAC-B029B8E093FA (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:google:app_engine_python_sdk:1.2.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 9D7B090E-F65F-4FC9-88FE-44A928CFD9DA (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:google:app_engine_python_sdk:1.2.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 2BF95B31-ED3B-4D51-82E4-9EA666D9D2E8 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:google:app_engine_python_sdk:1.2.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 88354A89-1CFD-4758-8AD0-85443E251B9D (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:google:app_engine_python_sdk:1.2.6:*:*:*:*:*:*:* (string)

matchCriteriaId : 9C7D8D57-E599-476C-BF75-2D0905E29FCE (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:google:app_engine_python_sdk:1.2.7:*:*:*:*:*:*:* (string)

matchCriteriaId : EA34B527-47AE-4187-B50A-BF6AC6CFE913 (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:google:app_engine_python_sdk:1.3.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 662EF41D-0DBE-466C-87F7-CA126099A737 (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:a:google:app_engine_python_sdk:1.3.1:*:*:*:*:*:*:* (string)

matchCriteriaId : D5DA449B-81EF-4746-A626-E545B2B21B87 (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:a:google:app_engine_python_sdk:1.3.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 2E6F72E0-D32A-4995-8C5A-3B7E71908DCE (string)

vulnerable : true (boolean)

}

24 : { »

criteria : cpe:2.3:a:google:app_engine_python_sdk:1.3.3:*:*:*:*:*:*:* (string)

matchCriteriaId : D48D7C01-07EA-4628-A975-E418705F8DD7 (string)

vulnerable : true (boolean)

}

25 : { »

criteria : cpe:2.3:a:google:app_engine_python_sdk:1.3.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 4CC602DA-5413-415F-B388-C48F35511124 (string)

vulnerable : true (boolean)

}

26 : { »

criteria : cpe:2.3:a:google:app_engine_python_sdk:1.3.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 2526A4F7-777B-4186-B882-C8133DBE6F15 (string)

vulnerable : true (boolean)

}

27 : { »

criteria : cpe:2.3:a:google:app_engine_python_sdk:1.3.6:*:*:*:*:*:*:* (string)

matchCriteriaId : 427C84D8-3120-4782-AB6F-5125419313A4 (string)

vulnerable : true (boolean)

}

28 : { »

criteria : cpe:2.3:a:google:app_engine_python_sdk:1.3.7:*:*:*:*:*:*:* (string)

matchCriteriaId : B92FB779-4C11-4DE1-901D-B86AACDD8657 (string)

vulnerable : true (boolean)

}

29 : { »

criteria : cpe:2.3:a:google:app_engine_python_sdk:1.3.8:*:*:*:*:*:*:* (string)

matchCriteriaId : 336FF655-214F-49DA-AE27-C8DEA07074E9 (string)

vulnerable : true (boolean)

}

30 : { »

criteria : cpe:2.3:a:google:app_engine_python_sdk:1.4.0:*:*:*:*:*:*:* (string)

matchCriteriaId : A4985C56-1E3C-4AC5-AE1C-609D46DF2266 (string)

vulnerable : true (boolean)

}

31 : { »

criteria : cpe:2.3:a:google:app_engine_python_sdk:1.4.1:*:*:*:*:*:*:* (string)

matchCriteriaId : F27B63FC-B939-44AA-8CB5-8FD48CD78F00 (string)

vulnerable : true (boolean)

}

32 : { »

criteria : cpe:2.3:a:google:app_engine_python_sdk:1.4.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 55284E5B-F681-4691-98C7-5BC7259A7417 (string)

vulnerable : true (boolean)

}

33 : { »

criteria : cpe:2.3:a:google:app_engine_python_sdk:1.4.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 7845EF6F-6E92-4200-AF9C-F0F738DDF4E6 (string)

vulnerable : true (boolean)

}

34 : { »

criteria : cpe:2.3:a:google:app_engine_python_sdk:1.5.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 9856F64E-AF14-40C8-BC3D-E63627BF00C9 (string)

vulnerable : true (boolean)

}

35 : { »

criteria : cpe:2.3:a:google:app_engine_python_sdk:1.5.1:*:*:*:*:*:*:* (string)

matchCriteriaId : A85D7A70-C071-4A00-8E1E-DB0DE933494E (string)

vulnerable : true (boolean)

}

36 : { »

criteria : cpe:2.3:a:google:app_engine_python_sdk:1.5.2:*:*:*:*:*:*:* (string)

matchCriteriaId : CA99DEEB-515E-4C19-B56A-11F5E7095306 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : The FakeFile implementation in the sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly control the opening of files, which allows local users to bypass intended access restrictions and create arbitrary files via ALLOWED_MODES and ALLOWED_DIRS changes within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364. (string)

}

1 : { »

lang : es (string)

value : La implementación FakeFile en el entorno de ejecución controlada en Google App Engine Python SDK anterior a v1.5.4 no controla adecuadamente la apertura de archivos, que permite a usuarios locales eludir restricciones de acceso y crear archivos de su elección a través de ALLOWED_MODES y cambios ALLOWED_DIRS dentro del parámetro "code" en _ah/admin/interactive/Execute, una vulnerabilidad diferente a CVE-2011-1364. (string)

}

]

id : CVE-2011-4211 (string)

lastModified : 2025-04-11T00:51:21.963 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 7.2 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:L/AC:L/Au:N/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 10 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2011-10-30T19:55:00.960 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Exploit (string)

]

url : http://blog.watchfire.com/files/googleappenginesdk.pdf (string)

}

1 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

]

url : http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes (string)

}

2 : { »

source : cve@mitre.org (string)

url : http://www.securityfocus.com/bid/50464 (string)

}

3 : { »

source : cve@mitre.org (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/71064 (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

]

url : http://blog.watchfire.com/files/googleappenginesdk.pdf (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes (string)

}

6 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securityfocus.com/bid/50464 (string)

}

7 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/71064 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-264 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object