Description
There is a MEDIUM severity vulnerability affecting CPython. The email module didn't properly quote newlines in email headers when serializing an email message, allowing header injection in the serialized output.
References (15)
Core References
Vendor Advisory
https://security.netapp.com/advisory/ntap-20240926-0003/
Issue Tracking patch
https://github.com/python/cpython/pull/122233
Issue Tracking issue-tracking
https://github.com/python/cpython/issues/121650
Various Sources vendor-advisory
https://mail.python.org/archives/list/[email protected]/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/
Scores
CVSS v3
5.5
EPSS
0.0024
EPSS Percentile
47.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-94
Status
published
Products (6)
Python Software Foundation/CPython
< 3.8.20
Python Software Foundation/CPython
3.10.0 - 3.10.15
Python Software Foundation/CPython
3.11.0 - 3.11.10
Python Software Foundation/CPython
3.12.0 - 3.12.5
Python Software Foundation/CPython
3.13.0a1 - 3.13.0rc2
Python Software Foundation/CPython
3.9.0 - 3.9.20
Published
Aug 01, 2024
Tracked Since
Feb 18, 2026