A Code Execution Vulnerability in Google App Engine SDK for Python
Google App Engine is a great technology
allowing web developers to develop their own web applications,test them
in their internal framework, and deploy them to Google’s appspot.com
domain.The Google App Engine framework allows developers to write their
web site logic in Python, and offers several frameworks specially
created for this. In addition, Google App Engine provides an SDK Console
via web that acts as an administration console for the newly written
application.This advisory lists 4 different vulnerabilities, one in
admin console and three others in the Google python API, which allow a
remote attacker to gain full code execution on the developer’s machine.
These severe issues have been communicated to Google, and a fix was
released last month on Sep 12, 2012 (in version 1.5.4).
Download PDF
Download PDF
No comments:
Post a Comment