A Code Execution Vulnerability in Google App Engine SDK for Python

A Code Execution Vulnerability in Google App Engine SDK for Python

IntroductionGoogle App Engine is a great technology allowing web developers to develop their own web applications,test them in their internal framework, and deploy them to Google’s appspot.com domain.The Google App Engine framework allows developers to write their web site logic in Python, and offers several frameworks specially created for this. In addition, Google App Engine provides an SDK Console via web that acts as an administration console for the newly written application.This advisory lists 4 different vulnerabilities, one in admin console and three others in the Google python API, which allow a remote attacker to gain full code execution on the developer’s machine. These severe issues have been communicated to Google, and a fix was released last month on Sep 12, 2012 (in version 1.5.4).

Download PDF: http://blog.watchfire.com

Advertisements

7 Comments

  1. I am impressed the way you illustrate it. I think i will be coming back to read some of your post. -Cheers, Mike.

    • Thank’s For Visiting:)

  2. I have seen something alike about this point of view. But it seems your’s is unique and best.

  3. I love the way you presented your post above. You are a blog genius!

    • thank’s u

  4. I love the way you presented your post above. You are a blog mega guru!

  5. Thanks for this wondeful post. i just wish many could read this for them to know.


Sorry, the comment form is closed at this time.

Comments RSS