CVE-2023-27043

Date: April 17, 2023

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.
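A defence-in-depth check for the signup scenario described above, as an added example that is not part of the original advisory or of CPython. It accepts only a bare address in a deliberately narrow grammar, requires `email.utils.parseaddr` to return the input unchanged, and takes the domain from the validated string; `ALLOWED_DOMAIN`, `signup_address_allowed` and the sample inputs are assumptions made for illustration.

```python
import re
from email.utils import parseaddr

# Assumed policy value for this example (the domain named in the description).
ALLOWED_DOMAIN = "company.example.com"

# Deliberately narrower than RFC 2822: dot-atom local part and a hostname.
# Quotes, comments, brackets, angle brackets, commas and whitespace are refused.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
_ADDR_SPEC = re.compile(
    r"[A-Za-z0-9_+-]+(?:\.[A-Za-z0-9_+-]+)*@" + _LABEL + r"(?:\." + _LABEL + r")+"
)


def signup_address_allowed(raw, allowed_domain=ALLOWED_DOMAIN):
    """Return True only for a bare address whose domain is allowed_domain."""
    # 1. The whole input must match the narrow grammar. fullmatch() also
    #    rejects a trailing newline, which a "$" anchor would let through.
    if not isinstance(raw, str) or _ADDR_SPEC.fullmatch(raw) is None:
        return False
    # 2. The standard-library parser must agree with us: no display name,
    #    and the address it extracts is exactly the string we were given.
    display_name, addr = parseaddr(raw)
    if display_name or addr != raw:
        return False
    # 3. Compare the domain taken from the validated string, not from a
    #    second, independent parse of the original header value.
    return raw.rpartition("@")[2].lower() == allowed_domain.lower()


# Constructed sample inputs, not taken from any real system.
SAMPLES = [
    "alice@company.example.com",
    "bob@other.example",
    "Alice <alice@company.example.com>",
    "alice@company.example.com, bob@other.example",
    "alice@company.example.com.other.example",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), signup_address_allowed(sample))
```

This check complements the version upgrade listed under Top Fix; it does not replace it.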

Language: Python

Severity Score

Weakness Type (CWE)

Improper Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version:

cpython - 3.12.6
cpython - 3.11.10
cpython - 3.10.15
cpython - 3.9.20
cpython - 3.8.20
https://github.com/python/cpython.git - v3.13.0a3
https://github.com/python/cpython.git - v3.12.6
https://github.com/python/cpython.git - v3.11.10
https://github.com/python/cpython.git - v3.10.15
https://github.com/python/cpython.git - v3.9.20
https://github.com/python/cpython.git - v3.8.20

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): LOW
Availability (A): NONE
