Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in _ah/admin/interactive/execute (aka the Interactive Console) in the SDK Console (aka Admin Console) in the Google App Engine Python SDK before 1.5.4 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary Python code via the code parameter.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Google App Engine 跨站请求伪造的漏洞
Vulnerability Description
Google App Engine是美国谷歌(Google)公司的一个开发、托管网络应用程序的平台,使用Google管理的数据中心。 Google App Engine Python SDK 1.5.4之前版本中的SDK Console (也称为Admin Console)的_ah/admin/interactive/execute (也称为the Interactive Console)中存在跨站请求伪造漏洞。远程攻击者可借助code参数劫持管理者的认证来请求执行任意Python代码。
CVSS Information
N/A
Vulnerability Type
N/A