Updated: 2024-02-26 20:11:09.92051
Description:
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.
Links | NIST | CIRCL | RHEL | Ubuntu |
CVSS version | Severity | Score |
---|---|---|
CVSS Version 2.x | 0 | |
CVSS Version 3.x | MEDIUM | 5.3 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
---|---|---|---|---|---|---|---|
AlmaLinux 9.2 ESU | python3 | 3.9.16 | 5.3 | MEDIUM | Released | CLSA-2024:1711648611 | 2024-03-28 14:13:09 |
CentOS 6 ELS | python | 2.6.6 | 5.3 | MEDIUM | Ignored | | 2023-04-28 11:04:35 |
CentOS 7 ELS | python3 | 3.6.8 | 5.3 | MEDIUM | Ignored | | 2023-09-19 09:30:15 |
CentOS 7 ELS | python | 2.7.5 | 5.3 | MEDIUM | Released | CLSA-2024:1711491407 | 2024-04-09 11:20:05 |
CentOS 8.4 ELS | python3 | 3.6.8 | 5.3 | MEDIUM | Released | CLSA-2024:1717693112 | 2024-06-06 14:35:21 |
CentOS 8.4 ELS | python2 | 2.7.18 | 5.3 | MEDIUM | Released | CLSA-2024:1717693264 | 2024-06-06 14:35:22 |
CentOS 8.5 ELS | python3 | 3.6.8 | 5.3 | MEDIUM | Released | CLSA-2024:1717692229 | 2024-06-06 14:35:19 |
CentOS 8.5 ELS | python2 | 2.7.18 | 5.3 | MEDIUM | Released | CLSA-2024:1717692075 | 2024-06-06 14:35:20 |
CentOS Stream 8 ELS | python2 | 2.7.18 | 5.3 | MEDIUM | Ignored | | 2024-09-09 12:12:14 |
CloudLinux 6 ELS | python | 2.6.6 | 5.3 | MEDIUM | Ignored | | 2023-04-28 11:04:35 |