CVE-2011-1364 in App Engine Python SDKinformazioni

Riassunto

di MITRE

Cross-site request forgery (CSRF) vulnerability in _ah/admin/interactive/execute (aka the Interactive Console) in the SDK Console (aka Admin Console) in the Google App Engine Python SDK before 1.5.4 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary Python code via the code parameter.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Prenotare

10/03/2011

Divulgazione

30/10/2011

Moderazione

accettato

Voce

VDB-59256

CPE

pronto

CWE

CWE-352 (confermato)

CVSS

6.3 (VulDB)

EPSS

0.00495

KEV

Attività

molto basso

Settore

Telecommunication, Finance, ...

Fonti

MITRE	https://www.cve.org/CVERecord?id=CVE-2011-1364
NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-1364
CVE Details	https://www.cvedetails.com/cve/CVE-2011-1364/

◂ Precedente Visione D'ensemble Il prossimo ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!