CVE-2011-4211

Name of the Vulnerable Software and Affected Versions Google App Engine Python SDK versions prior to 1.5.4

Description The issue is related to the FakeFile implementation in the sandbox environment, which does not properly control the opening of files. This allows local users to bypass intended access restrictions and create arbitrary files. The exploitation is possible via changes within the code parameter to the "/ ah/admin/interactive/execute" API endpoint, specifically by modifying ALLOWED MODES and ALLOWED DIRS.

Recommendations For Google App Engine Python SDK versions prior to 1.5.4, update to version 1.5.4 or later to resolve the issue.