Описание
There is a MEDIUM severity vulnerability affecting CPython.
The
email module didn’t properly quote newlines for email headers when
serializing an email message allowing for header injection when an email
is serialized.
A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.
Отчет
Versions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as 'Not affected' as they just provide "symlinks" to the main python3 component, which provides the actual interpreter of the Python programming language.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | python3.12 | Not affected | ||
| Red Hat Enterprise Linux 6 | python | Will not fix | ||
| Red Hat Enterprise Linux 7 | python | Will not fix | ||
| Red Hat Enterprise Linux 7 | python3 | Will not fix | ||
| Red Hat Enterprise Linux 8 | gimp:flatpak/python2 | Will not fix | ||
| Red Hat Enterprise Linux 8 | python36:3.6/python36 | Not affected | ||
| Red Hat Enterprise Linux 8 | python39 | Fixed | RHSA-2024:5962 | 28.08.2024 |
| Red Hat Enterprise Linux 8 | python39-devel | Fixed | RHSA-2024:5962 | 28.08.2024 |
| Red Hat Enterprise Linux 8 | python3.12 | Fixed | RHSA-2024:6961 | 24.09.2024 |
| Red Hat Enterprise Linux 8 | python3.11 | Fixed | RHSA-2024:6962 | 24.09.2024 |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
6.8 Medium
CVSS3
Связанные уязвимости
There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.
There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.
There is a MEDIUM severity vulnerability affecting CPython. The emai ...
EPSS
6.8 Medium
CVSS3