Security Explorations CEO Adam Gowdiak says he’s found 41 flaws in Google App Engine for Java. He says he has sent Google proof-of-concept exploit code to demonstrate how the flaws could be exploited. Google declined to comment on whether it would still award the promised $20,000 bounty. Google’s Project Zero bug-hunting team has begun informing vendors of vulnerabilities it has discovered in their products, giving them just 90 days to issue a fix before details of the flaws are automatically released to the public.”]
Source: https://www.databreachtoday.com/google-app-engine-flaws-described-a-8227

