Severity
6.0
Medium severity
Details
- CVSS score
- 6.0
- CVSS vector
- CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Overview
About vulnerability
The email module, specifically the “BytesGenerator” class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using “LiteralHeader” writing headers that don’t respect email folding rules, the new behavior will reject the incorrectly folded headers in “BytesGenerator”.Details
- Affected product:
- AlmaLinux 9.2 ESU , Alpine Linux 3.22 , Alpine Linux 3.23 , CentOS 7 ELS , CentOS 8.4 ELS , CentOS 8.5 ELS , CentOS Stream 8 ELS , CloudLinux 7 ELS , Debian 10 , Debian 11 , Debian 12 , Debian 13 , EL 10 , EL 7 , EL 8 , EL 9 , Oracle Linux 7 ELS , RHEL 7 ELS , TuxCare 9.6 ESU , Ubuntu 16.04 , Ubuntu 18.04 , Ubuntu 20.04 , Ubuntu 22.04 , Ubuntu 24.04
- Affected packages:
- python @ 3.6.15 (+74 more)