{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-10-11T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The FakeFile implementation in the sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly control the opening of files, which allows local users to bypass intended access restrictions and create arbitrary files via ALLOWED_MODES and ALLOWED_DIRS changes within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes"}, {"name": "google-app-fakefile-priv-esc(71064)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71064"}, {"tags": ["x_refsource_MISC"], "url": "http://blog.watchfire.com/files/googleappenginesdk.pdf"}, {"name": "50464", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/50464"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-4211", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The FakeFile implementation in the sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly control the opening of files, which allows local users to bypass intended access restrictions and create arbitrary files via ALLOWED_MODES and ALLOWED_DIRS changes within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes", "refsource": "MISC", "url": "http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes"}, {"name": "google-app-fakefile-priv-esc(71064)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71064"}, {"name": "http://blog.watchfire.com/files/googleappenginesdk.pdf", "refsource": "MISC", "url": "http://blog.watchfire.com/files/googleappenginesdk.pdf"}, {"name": "50464", "refsource": "BID", "url": "http://www.securityfocus.com/bid/50464"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:01:50.977Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes"}, {"name": "google-app-fakefile-priv-esc(71064)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71064"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blog.watchfire.com/files/googleappenginesdk.pdf"}, {"name": "50464", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/50464"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-4211", "datePublished": "2011-10-30T19:00:00.000Z", "dateReserved": "2011-10-30T00:00:00.000Z", "dateUpdated": "2024-08-07T00:01:50.977Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:app_engine_python_sdk:*:*:*:*:*:*:*:*", "matchCriteriaId": "B180320A-31A2-4944-9237-8BA7420F607F", "versionEndIncluding": "1.5.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "418F092D-7DCC-4CF6-BE21-90A9E635DB29", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A802984F-7EB3-426A-B829-DE77BD54D0A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F29B1A84-A9C9-424D-9CAE-82D8D81388EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A5E098ED-71C0-45BE-8607-7FCE6604155F", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EB6A1B5-9884-4C87-A568-015F6471E80F", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B6488791-DB99-474A-AE2E-9EC5B7EED80A", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "08C5B802-51C1-4544-8DBF-E2ACF5F23981", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "F5F9EB0C-D15B-4C8A-B2D1-899738AB587A", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "9B8002EF-0B6E-4B06-814F-BD0FB259EE2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "B7DD00F8-C815-4144-A230-8024C5337ECB", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "DB94D124-3EB3-4060-A0F4-710A5EA881E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "A76BC88A-C6AC-4A26-9D01-EDCB95455B5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "94A92AB1-CBF6-4DD1-9CF5-83043828A6C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D203CA1-F53B-4D34-80D8-D86C180D0328", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A963A0BF-C8F2-49EA-BBAC-B029B8E093FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "9D7B090E-F65F-4FC9-88FE-44A928CFD9DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "2BF95B31-ED3B-4D51-82E4-9EA666D9D2E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "88354A89-1CFD-4758-8AD0-85443E251B9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "9C7D8D57-E599-476C-BF75-2D0905E29FCE", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "EA34B527-47AE-4187-B50A-BF6AC6CFE913", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "662EF41D-0DBE-466C-87F7-CA126099A737", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5DA449B-81EF-4746-A626-E545B2B21B87", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "2E6F72E0-D32A-4995-8C5A-3B7E71908DCE", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "D48D7C01-07EA-4628-A975-E418705F8DD7", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "4CC602DA-5413-415F-B388-C48F35511124", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "2526A4F7-777B-4186-B882-C8133DBE6F15", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "427C84D8-3120-4782-AB6F-5125419313A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "B92FB779-4C11-4DE1-901D-B86AACDD8657", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "336FF655-214F-49DA-AE27-C8DEA07074E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A4985C56-1E3C-4AC5-AE1C-609D46DF2266", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "F27B63FC-B939-44AA-8CB5-8FD48CD78F00", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "55284E5B-F681-4691-98C7-5BC7259A7417", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "7845EF6F-6E92-4200-AF9C-F0F738DDF4E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "9856F64E-AF14-40C8-BC3D-E63627BF00C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "A85D7A70-C071-4A00-8E1E-DB0DE933494E", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "CA99DEEB-515E-4C19-B56A-11F5E7095306", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The FakeFile implementation in the sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly control the opening of files, which allows local users to bypass intended access restrictions and create arbitrary files via ALLOWED_MODES and ALLOWED_DIRS changes within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364."}, {"lang": "es", "value": "La implementaci\u00f3n FakeFile en el entorno de ejecuci\u00f3n controlada en Google App Engine Python SDK anterior a v1.5.4 no controla adecuadamente la apertura de archivos, que permite a usuarios locales eludir restricciones de acceso y crear archivos de su elecci\u00f3n a trav\u00e9s de ALLOWED_MODES y cambios ALLOWED_DIRS dentro del par\u00e1metro \"code\" en _ah/admin/interactive/Execute, una vulnerabilidad diferente a CVE-2011-1364."}], "id": "CVE-2011-4211", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-10-30T19:55:00.960", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://blog.watchfire.com/files/googleappenginesdk.pdf"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/50464"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71064"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://blog.watchfire.com/files/googleappenginesdk.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/50464"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71064"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}