Google App Engine Python SDK Code Execution

Aleph Research Advisory

Identifier

Severity

High

Product

Google App Engine SDK for Python

Mitigation

Upgrade to version 1.5.4 or later.

Technical Details

By combining a CSRF vulnerability in the administration web UI with other vulnerabilities in the Google Python libraries, a remote attacker could achieve remote code execution on the victim's machine. This vulnerability affects all operating systems running the Google App Engine SDK for Python (i.e. Windows, Mac OS, etc.).

Timeline

Credit

External References