{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-10-11T00:00:00", "descriptions": [{"lang": "en", "value": "The sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly prevent os.popen calls, which allows local users to bypass intended access restrictions and execute arbitrary commands via a dev_appserver.RestrictedPathFunction._original_os reference within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes"}, {"tags": ["x_refsource_MISC"], "url": "http://blog.watchfire.com/files/googleappenginesdk.pdf"}, {"name": "google-apps-ospopen-priv-esc(71063)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71063"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-4212", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly prevent os.popen calls, which allows local users to bypass intended access restrictions and execute arbitrary commands via a dev_appserver.RestrictedPathFunction._original_os reference within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes", "refsource": "MISC", "url": "http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes"}, {"name": "http://blog.watchfire.com/files/googleappenginesdk.pdf", "refsource": "MISC", "url": "http://blog.watchfire.com/files/googleappenginesdk.pdf"}, {"name": "google-apps-ospopen-priv-esc(71063)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71063"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:01:51.162Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blog.watchfire.com/files/googleappenginesdk.pdf"}, {"name": "google-apps-ospopen-priv-esc(71063)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71063"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-4212", "datePublished": "2011-10-30T19:00:00", "dateReserved": "2011-10-30T00:00:00", "dateUpdated": "2024-08-07T00:01:51.162Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:app_engine_python_sdk:*:*:*:*:*:*:*:*", "matchCriteriaId": "B180320A-31A2-4944-9237-8BA7420F607F", "versionEndIncluding": "1.5.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "418F092D-7DCC-4CF6-BE21-90A9E635DB29", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A802984F-7EB3-426A-B829-DE77BD54D0A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F29B1A84-A9C9-424D-9CAE-82D8D81388EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A5E098ED-71C0-45BE-8607-7FCE6604155F", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EB6A1B5-9884-4C87-A568-015F6471E80F", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B6488791-DB99-474A-AE2E-9EC5B7EED80A", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "08C5B802-51C1-4544-8DBF-E2ACF5F23981", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "F5F9EB0C-D15B-4C8A-B2D1-899738AB587A", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "9B8002EF-0B6E-4B06-814F-BD0FB259EE2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "B7DD00F8-C815-4144-A230-8024C5337ECB", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "DB94D124-3EB3-4060-A0F4-710A5EA881E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "A76BC88A-C6AC-4A26-9D01-EDCB95455B5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "94A92AB1-CBF6-4DD1-9CF5-83043828A6C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0D203CA1-F53B-4D34-80D8-D86C180D0328", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A963A0BF-C8F2-49EA-BBAC-B029B8E093FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "9D7B090E-F65F-4FC9-88FE-44A928CFD9DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "2BF95B31-ED3B-4D51-82E4-9EA666D9D2E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "88354A89-1CFD-4758-8AD0-85443E251B9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "9C7D8D57-E599-476C-BF75-2D0905E29FCE", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "EA34B527-47AE-4187-B50A-BF6AC6CFE913", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "662EF41D-0DBE-466C-87F7-CA126099A737", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5DA449B-81EF-4746-A626-E545B2B21B87", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "2E6F72E0-D32A-4995-8C5A-3B7E71908DCE", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "D48D7C01-07EA-4628-A975-E418705F8DD7", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "4CC602DA-5413-415F-B388-C48F35511124", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "2526A4F7-777B-4186-B882-C8133DBE6F15", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "427C84D8-3120-4782-AB6F-5125419313A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "B92FB779-4C11-4DE1-901D-B86AACDD8657", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "336FF655-214F-49DA-AE27-C8DEA07074E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A4985C56-1E3C-4AC5-AE1C-609D46DF2266", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "F27B63FC-B939-44AA-8CB5-8FD48CD78F00", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "55284E5B-F681-4691-98C7-5BC7259A7417", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "7845EF6F-6E92-4200-AF9C-F0F738DDF4E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "9856F64E-AF14-40C8-BC3D-E63627BF00C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "A85D7A70-C071-4A00-8E1E-DB0DE933494E", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:app_engine_python_sdk:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "CA99DEEB-515E-4C19-B56A-11F5E7095306", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly prevent os.popen calls, which allows local users to bypass intended access restrictions and execute arbitrary commands via a dev_appserver.RestrictedPathFunction._original_os reference within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364."}, {"lang": "es", "value": "El entorno de entorno de ejecuci\u00f3n segura en Google App Engine Python SDK anterior a v1.5.4 no previene de forma adecuada llamadas os.popen, lo que permite a usuarios locales eludir restricciones de acceso y ejecutar comandos de su elecci\u00f3n a trav\u00e9s de una referencia dev_appserver.RestrictedPathFunction._original_os dentro del par\u00e1metros \"code\" en _ah/admin/interactive/execute, una vulnerabilidad diferente a CVE-2011-1364."}], "id": "CVE-2011-4212", "lastModified": "2017-08-29T01:30:28.207", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-10-30T19:55:01.007", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://blog.watchfire.com/files/googleappenginesdk.pdf"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71063"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}