Home > Vulnerability Database > CVE-2024-6923

Mend.io Vulnerability Database

CVE-2024-6923

Date: August 1, 2024

There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.

Language: Python

Severity Score

5.5

Related Resources (18)

Url: https://github.com/python/cpython/commit/4766d1200fdf8b6728137aa2927a297e224d5fa7

Url: https://lists.debian.org/debian-lts-announce/2025/01/msg00005.html

Url: https://github.com/python/cpython/commit/f7be505d137a22528cb0fc004422c0081d5d90e6

Url: https://github.com/python/cpython/commit/f7c0f09e69e950cf3c5ada9dbde93898eb975533

Url: https://security-tracker.debian.org/tracker/CVE-2024-6923

Url: http://www.openwall.com/lists/oss-security/2024/08/01/3

Url: http://www.openwall.com/lists/oss-security/2024/08/02/2

Url: https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/

Url: https://security.netapp.com/advisory/ntap-20240926-0003/

Url: https://security.alpinelinux.org/vuln/CVE-2024-6923

Url: https://github.com/python/cpython/issues/121650

Url: https://github.com/python/cpython/commit/b158a76ce094897c870fb6b3de62887b7ccc33f1

Url: https://github.com/python/cpython/commit/4aaa4259b5a6e664b7316a4d60bdec7ee0f124d0

Url: https://github.com/python/cpython/commit/097633981879b3c9de9a1dd120d3aa585ecc2384

Url: https://github.com/python/cpython/commit/06f28dc236708f72871c64d4bc4b4ea144c50147

Url: https://github.com/python/cpython/pull/122233

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-6923

Url: https://www.mend.io/vulnerability-database/CVE-2024-6923

Severity Score

5.5

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-6923

Date: August 1, 2024

Language: Python

Severity Score

Related Resources (18)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?