47 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 2 views

Astra Linux - vulnerability in python3.11, python2.7, python3.7, pypy

The email module in Python, as of version 3.11.3, incorrectly parses email addresses that contain special characters. The incorrect portion of the RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism by allowing access to...

CVSS 5.3 | AI score 6.7 | EPSS 0.00161
Exploits: 1 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 3 views

Astra Linux - vulnerability in pypy

An issue was discovered in Python versions 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module incorrectly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of check on the From/To...

CVSS 7.5 | AI score 6.8 | EPSS 0.00894
Exploits: 0 | References: 2

Redos
added 2026/05/05 12:0 a.m. | 2 views

ROS-20260505-73-0060

A vulnerability in the email module of the Python programming language interpreter is related to the failure to take measures to neutralize CRLF sequences. Exploitation of the vulnerability could allow a remote attacker to compromise the integrity of protected information...

CVSS 6 | AI score 7.2 | EPSS 0.00052
Exploits: 0

RedHat Linux
added 2026/03/30 11:1 a.m. | 1 views

cpython: email header injection due to unquoted newlines

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...

CVSS 6 | AI score 6.8 | EPSS 0.00052
Exploits: 0 | References: 9

RedHat Linux
added 2026/03/23 5:31 a.m. | 3 views

cpython: email header injection due to unquoted newlines

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...

CVSS 6 | AI score 6.7 | EPSS 0.00052
Exploits: 0 | References: 9

RedHat Linux
added 2026/03/23 2:17 a.m. | 2 views

cpython: email header injection due to unquoted newlines

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...

CVSS 6 | AI score 6.7 | EPSS 0.00052
Exploits: 0 | References: 9

RedHat Linux
added 2026/03/19 5:57 p.m. | 5 views

cpython: email header injection due to unquoted newlines

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...

CVSS 6 | AI score 5.7 | EPSS 0.00052
Exploits: 0 | References: 9

RedHat Linux
added 2026/03/10 10:38 p.m. | 1 views

cpython: email header injection due to unquoted newlines

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...

CVSS 6 | AI score 7.3 | EPSS 0.00052
Exploits: 0 | References: 9

RedHat Linux
added 2026/03/10 10:9 a.m. | 2 views

cpython: email header injection due to unquoted newlines

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...

CVSS 6 | AI score 7.3 | EPSS 0.00052
Exploits: 0 | References: 9

Packet Storm News
added 2026/02/17 12:0 a.m. | 3 views

Python Email Header Injection Mitigation Tester

This tool demonstrates how modern Python's email library EmailMessage with policy.default effectively prevents email header injection attacks. By rejecting newline and carriage return characters in header values, the library enforces RFC 5322 compliance and blocks classic injection attempts such ...

CVSS 5.7 | AI score 5.4 | EPSS 0.00046
Exploits: 0

RedhatCVE
added 2026/01/28 1:59 p.m. | 5 views

CVE-2026-1299

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...

CVSS 7.1 | AI score 5.8 | EPSS 0.00238
Exploits: 0 | References: 8

OSV
added 2026/01/23 5:16 p.m. | 2 views

AZL-75234 CVE-2026-1299 affecting package python3 3.12.9-8

The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...

CVSS 6 | AI score 5.8 | EPSS 0.00052
Exploits: 0 | References: 1

Tenable Nessus
added 2026/01/20 12:0 a.m. | 4 views

MiracleLinux 9 : python3.12-3.12.1-4.el9_4.3 (AXSA:2024-8798:06)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8798:06 advisory. cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection CVE-2024-6923 Tenable has extracted the preceding...

CVSS 5.5 | AI score 7.2 | EPSS 0.00238
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 2 views

MiracleLinux 9 : python3.9-3.9.18-3.el9_4.5 (AXSA:2024-8758:05)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8758:05 advisory. cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection CVE-2024-6923 Tenable has extracted the preceding...

CVSS 5.5 | AI score 7.4 | EPSS 0.00238
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 2 views

MiracleLinux 9 : python3.11-3.11.7-1.el9.ML.1 (AXSA:2024-7974:03)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7974:03 advisory. python: Parsing errors in email/parseaddr.py lead to incorrect value in email address part of tuple CVE-2023-27043 Tenable has extracted the preceding...

CVSS 5.3 | AI score 7 | EPSS 0.00161
Exploits: 1 | References: 2

Tenable Nessus
added 2026/01/09 12:0 a.m. | 5 views

Siemens Ruggedcom ROX Improper Input Validation (CVE-2023-27043)

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...

CVSS 5.3 | AI score 7 | EPSS 0.00161
Exploits: 1 | References: 3

Tenable Nessus
added 2025/11/20 12:0 a.m. | 4 views

TencentOS Server 4: python3.12 (TSSA-2024:0709)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0709 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 5.5 | AI score 7 | EPSS 0.00238
Exploits: 0 | References: 2

IBM Security Bulletins
added 2025/10/17 1:35 p.m. | 8 views

Security Bulletin: A vulnerability in Python affects IBM Robotic Process Automation and may result in unauthorized access in some applications (CVE-2023-27043)

Summary A vulnerability in Python affects IBM Robotic Process Automation and may result in unauthorized access in some applications. Python is used by IBM Robotic Process Automation as part of Watson NLP. This bulletin identifies the fixes to resolve this vulnerability. Vulnerability Details...

CVSS 5.3 | AI score 6.4 | EPSS 0.00161
Exploits: 1 | Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-4932

Malicious code in bioql PyPI...

CVSS 5.9 | AI score 6.2 | EPSS 0.00665
Exploits: 0 | References: 7

IBM Security Bulletins
added 2025/08/14 2:5 p.m. | 7 views

Security Bulletin: Multiple vulnerabilities in python and babel runtime affect IBM DevOps Automation Code

Summary Python version 3.9.15, vulnerable to CVE-2023-27043, CVE-2024-3220 and babel version 7.27.7 vulnerable to CVE-2025-27789 are used inside DevOps Automation Code 1.0.1 containers. Vulnerability Details CVEID:CVE-2024-3220 DESCRIPTION: There is a defect in the CPython standard library module...

CVSS 6.2 | AI score 6.8 | EPSS 0.0022
Exploits: 1 | Affected Software: 1