Описание
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was deferred |
| devel | DNE | |
| esm-apps/focal | released | 2.7.18-1~20.04.4+esm3 |
| esm-apps/jammy | released | 2.7.18-13ubuntu1.2+esm3 |
| esm-infra-legacy/trusty | not-affected | 2.7.6-8ubuntu0.6+esm20 |
| esm-infra/bionic | released | 2.7.17-1~18.04ubuntu1.13+esm6 |
| esm-infra/xenial | released | 2.7.12-1ubuntu0~16.04.18+esm11 |
| focal | ignored | end of standard support, was needed |
| jammy | needed | |
| kinetic | ignored | end of life, was deferred [2024-08-19] |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | released | 3.10.12-1~22.04.6 |
| kinetic | ignored | end of life, was deferred [2024-08-19] |
| lunar | DNE | |
| mantic | DNE | |
| noble | DNE | |
| oracular | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-apps/jammy | needed | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | needed | |
| kinetic | ignored | end of life, was deferred [2024-08-19] |
| lunar | ignored | end of life, was deferred [2024-08-19] |
| mantic | ignored | end of life, was deferred [2024-08-19] |
| noble | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| noble | released | 3.12.3-1ubuntu0.2 |
| oracular | not-affected | 3.12.6-1 |
| plucky | DNE | |
| trusty | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | not-affected | 3.13.0~rc2-1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| noble | DNE | |
| oracular | not-affected | 3.13.0~rc2-1 |
| plucky | not-affected | 3.13.0~rc2-1 |
| trusty | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | needed | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| kinetic | DNE | |
| lunar | DNE | |
| mantic | DNE | |
| noble | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | not-affected | 3.5.2-2ubuntu0~16.04.4~14.04.1+esm3 |
| esm-infra/focal | DNE | |
| esm-infra/xenial | released | 3.5.2-2ubuntu0~16.04.13+esm15 |
| focal | DNE | |
| jammy | DNE | |
| kinetic | DNE | |
| lunar | DNE | |
| mantic | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was deferred |
| devel | DNE | |
| esm-infra/bionic | needed | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| kinetic | DNE | |
| lunar | DNE | |
| mantic | DNE | |
| noble | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was deferred |
| devel | DNE | |
| esm-apps/bionic | needed | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| kinetic | DNE | |
| lunar | DNE | |
| mantic | DNE | |
| noble | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was deferred |
| devel | DNE | |
| esm-apps/bionic | needed | |
| esm-infra/focal | not-affected | 3.8.10-0ubuntu1~20.04.12 |
| focal | released | 3.8.10-0ubuntu1~20.04.12 |
| jammy | DNE | |
| kinetic | DNE | |
| lunar | DNE | |
| mantic | DNE | |
| noble | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-apps/focal | needed | |
| focal | ignored | end of standard support, was needed |
| jammy | DNE | |
| kinetic | DNE | |
| lunar | DNE | |
| mantic | DNE | |
| noble | DNE | |
| oracular | DNE |
Показывать по
Ссылки на источники
5.3 Medium
CVSS3
Связанные уязвимости
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.
The email module of Python through 3.11.3 incorrectly parses e-mail ad ...
5.3 Medium
CVSS3