CVE-2019-11340

2019-04-19T14:29:00
ID CVE-2019-11340
Type cve
Reporter cve@mitre.org
Modified 2019-04-22T17:52:00

Description

util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registration restrictions that are based on e-mail domain, if the allowed_local_3pids option is enabled. This occurs because of potentially unwanted behavior in Python, in which an email.utils.parseaddr call on user@bad.example.net@good.example.com returns the user@bad.example.net substring.