Описание
The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| python3.14 | unfixed | package | ||
| python3.13 | unfixed | package | ||
| python3.13 | no-dsa | trixie | package | |
| python3.11 | removed | package | ||
| python3.11 | no-dsa | bookworm | package | |
| python3.9 | removed | package | ||
| pypy3 | unfixed | package | ||
| pypy3 | no-dsa | trixie | package | |
| pypy3 | no-dsa | bookworm | package | |
| pypy3 | postponed | bullseye | package | |
| python2.7 | removed | package | ||
| python2.7 | end-of-life | bullseye | package | |
| jython | unfixed | package | ||
| jython | no-dsa | trixie | package | |
| jython | no-dsa | bookworm | package | |
| jython | end-of-life | bullseye | package |
Примечания
https://github.com/python/cpython/issues/143923
https://github.com/python/cpython/pull/143924
https://mail.python.org/archives/list/security-announce@python.org/thread/CBFBOWVGGUJFSGITQCCBZS4GEYYZ7ZNE/
https://github.com/python/cpython/commit/b234a2b67539f787e191d2ef19a7cbdce32874e7 (main)
Potential regression: https://github.com/python/cpython/pull/143924#issuecomment-3774869691
EPSS
Связанные уязвимости
The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
EPSS