CVE-2024-6923

Summary

There is a MEDIUM severity vulnerability affecting CPython.

The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.

Affected Software

VendorProductVersion RangeStatus
Python Software FoundationCPython0 < 3.8.20affected
Python Software FoundationCPython3.9.0 < 3.9.20affected
Python Software FoundationCPython3.10.0 < 3.10.15affected
Python Software FoundationCPython3.11.0 < 3.11.10affected
Python Software FoundationCPython3.12.0 < 3.12.5affected
Python Software FoundationCPython3.13.0a1 < 3.13.0rc2affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References