
CVE-2023-27043

Date: April 17, 2023
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.
Language: Python
Weakness Type (CWE)
Improper Input Validation (CWE-20)
Top Fix

Upgrade Version
Upgrade to version:
- cpython - 3.12.6
- cpython - 3.11.10
- cpython - 3.10.15
- cpython - 3.9.20
- cpython - 3.8.20
- https://github.com/python/cpython.git - v3.13.0a3
- https://github.com/python/cpython.git - v3.12.6
- https://github.com/python/cpython.git - v3.11.10
- https://github.com/python/cpython.git - v3.10.15
- https://github.com/python/cpython.git - v3.9.20
- https://github.com/python/cpython.git - v3.8.20
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | LOW |
Availability (A): | NONE |