Описание
There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| python3.13 | fixed | 3.13.0~rc2-1 | package | |
| python3.12 | fixed | 3.12.5-1 | package | |
| python3.11 | removed | package | ||
| python3.11 | fixed | 3.11.2-6+deb12u5 | bookworm | package |
| python3.9 | removed | package | ||
| python2.7 | removed | package | ||
| python2.7 | ignored | bullseye | package | |
| pypy3 | fixed | 7.3.18+dfsg-1 | package | |
| pypy3 | no-dsa | bookworm | package |
Примечания
https://github.com/python/cpython/issues/121650
https://github.com/python/cpython/pull/122233
https://github.com/python/cpython/commit/4aaa4259b5a6e664b7316a4d60bdec7ee0f124d0 (v3.13.0rc2)
https://github.com/python/cpython/commit/4766d1200fdf8b6728137aa2927a297e224d5fa7 (v3.12.5)
https://github.com/python/cpython/commit/f7c0f09e69e950cf3c5ada9dbde93898eb975533 (v3.11.10)
https://github.com/python/cpython/commit/06f28dc236708f72871c64d4bc4b4ea144c50147 (v3.10.15)
https://github.com/python/cpython/commit/f7be505d137a22528cb0fc004422c0081d5d90e6 (v3.9.20)
EPSS
Связанные уязвимости
There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.
There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.
There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.
EPSS