Описание
Cross-site request forgery (CSRF) vulnerability in _ah/admin/interactive/execute (aka the Interactive Console) in the SDK Console (aka Admin Console) in the Google App Engine Python SDK before 1.5.4 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary Python code via the code parameter.
Ссылки
- Exploit
- Patch
- Exploit
- Patch
Уязвимые конфигурации
Конфигурация 1Версия до 1.5.3 (включая)
Одно из
cpe:2.3:a:google:app_engine_python_sdk:*:*:*:*:*:*:*:*
cpe:2.3:a:google:app_engine_python_sdk:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:google:app_engine_python_sdk:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:google:app_engine_python_sdk:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:google:app_engine_python_sdk:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:google:app_engine_python_sdk:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:google:app_engine_python_sdk:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:google:app_engine_python_sdk:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:google:app_engine_python_sdk:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:google:app_engine_python_sdk:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:google:app_engine_python_sdk:1.1.7:*:*:*:*:*:*:*
cpe:2.3:a:google:app_engine_python_sdk:1.1.8:*:*:*:*:*:*:*
cpe:2.3:a:google:app_engine_python_sdk:1.1.9:*:*:*:*:*:*:*
cpe:2.3:a:google:app_engine_python_sdk:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:google:app_engine_python_sdk:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:google:app_engine_python_sdk:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:google:app_engine_python_sdk:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:google:app_engine_python_sdk:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:google:app_engine_python_sdk:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:google:app_engine_python_sdk:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:google:app_engine_python_sdk:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:google:app_engine_python_sdk:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:google:app_engine_python_sdk:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:google:app_engine_python_sdk:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:google:app_engine_python_sdk:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:google:app_engine_python_sdk:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:google:app_engine_python_sdk:1.3.5:*:*:*:*:*:*:*
cpe:2.3:a:google:app_engine_python_sdk:1.3.6:*:*:*:*:*:*:*
cpe:2.3:a:google:app_engine_python_sdk:1.3.7:*:*:*:*:*:*:*
cpe:2.3:a:google:app_engine_python_sdk:1.3.8:*:*:*:*:*:*:*
cpe:2.3:a:google:app_engine_python_sdk:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:google:app_engine_python_sdk:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:google:app_engine_python_sdk:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:google:app_engine_python_sdk:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:google:app_engine_python_sdk:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:google:app_engine_python_sdk:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:google:app_engine_python_sdk:1.5.2:*:*:*:*:*:*:*
EPSS
Процентиль: 36%
0.00149
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
github
больше 3 лет назад
Cross-site request forgery (CSRF) vulnerability in _ah/admin/interactive/execute (aka the Interactive Console) in the SDK Console (aka Admin Console) in the Google App Engine Python SDK before 1.5.4 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary Python code via the code parameter.
EPSS
Процентиль: 36%
0.00149
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-352