Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-15366

Опубликовано: 20 янв. 2026
Источник: debian

Описание

The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
python3.14unfixedpackage
python3.13unfixedpackage
python3.13no-dsatrixiepackage
python3.11removedpackage
python3.11no-dsabookwormpackage
python3.9removedpackage
pypy3unfixedpackage
pypy3no-dsatrixiepackage
pypy3no-dsabookwormpackage
pypy3postponedbullseyepackage
python2.7removedpackage
python2.7end-of-lifebullseyepackage
jythonunfixedpackage
jythonno-dsatrixiepackage
jythonno-dsabookwormpackage
jythonend-of-lifebullseyepackage

Примечания

  • https://github.com/python/cpython/issues/143921

  • https://github.com/python/cpython/pull/143922

  • https://mail.python.org/archives/list/security-announce@python.org/thread/DD7C7JZJYTBXMDOWKCEIEBJLBRU64OMR/

  • https://github.com/python/cpython/commit/6262704b134db2a4ba12e85ecfbd968534f28b45 (main)

  • Potential regression: https://github.com/python/cpython/pull/143922#issuecomment-3774866549

Связанные уязвимости

ubuntu логотип

CVE-2025-15366

ubuntu
2 месяца назад

The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.

redhat логотип

CVE-2025-15366

CVSS3: 7.1
redhat
2 месяца назад

The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.

nvd логотип

CVE-2025-15366

nvd
2 месяца назад

The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.

github логотип

GHSA-4c67-8q63-xrxq

github
2 месяца назад

The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.

rocky логотип

RLSA-2026:4216

rocky
19 дней назад

Moderate: python3.11 security update