CVE-2024-6923

MEDIUM5.5EPSS 0.24%

Email header injection due to unquoted newlines

發布日:2024/8/1修改日:2026/4/28

描述

There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.

受影響套件(9)

Alpine/python3from 0, < 3.10.15-r0
Bitnami/libpythonfrom 0, < 3.8.20, >= 3.9.0, < 3.9.20, >= 3.10.0, < 3.10.15, >= 3.11.0, < 3.11.10, >= 3.12.0, < 3.12.5
Bitnami/pythonfrom 0, < 3.8.20, >= 3.9.0, < 3.9.20, >= 3.10.0, < 3.10.15, >= 3.11.0, < 3.11.10, >= 3.12.0, < 3.12.5
Bitnami/python-minfrom 0, < 3.8.20, >= 3.9.0, < 3.9.20, >= 3.10.0, < 3.10.15, >= 3.11.0, < 3.11.10, >= 3.12.0, < 3.12.5
Debian/pypy3from 0, < 7.3.5+dfsg-2+deb11u5
Debian/python2.7from 0
Debian/python3.11from 0, < 3.11.2-6+deb12u5
Debian/python3.13from 0, < 3.13.0~rc2-1
Debian/python3.9from 0, < 3.9.2-1+deb11u2

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

描述

受影響套件(9)

CVSS 分數

參考連結(18)