Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly prevent use of the os module, which allows local users to bypass intended access restrictions and execute arbitrary commands via a file_blob_storage.os reference within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Google App Engine Python SDK 预期权限绕过漏洞
Vulnerability Description
Google Apps是Google推出的在线的应用应用服务,可以向用户提供带有私人标志的电子邮件、即时通信、日历工具、网站设计工具、协同办公工具等。 Google App Engine Python SDK 1.5.4之前版本存在漏洞。由于sandbox环境不能准确限制对操作系统模块的访问,本地用户可借助_ah/admin/interactive/execute中code参数的file_blob_storage.os引用绕过预期的访问限制和执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A