CVE-2024-6923

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-6923
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-6923.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-6923
Aliases
Downstream
Related
Published
2024-08-01T13:40:11.069Z
Modified
2026-05-13T12:03:16.747775845Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L CVSS Calculator
Summary
Email header injection due to unquoted newlines
Details

There is a MEDIUM severity vulnerability affecting CPython.

The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.

Database specific 
{
    "cna_assigner": "PSF",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/6xxx/CVE-2024-6923.json"
}
References

Affected packages

Git / github.com/python/cpython

Affected ranges

Type
GIT
Repo
https://github.com/python/cpython
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
39b2f82717a69dde7212bc39b673b0f55c99e6a3
Introduced
9cf6752276e6fcfd0c23fdb064ad27f448aaaf75
Fixed
8c3f7946ec848ec16cf28418c0f984ecaa029541
Introduced
b494f5935c92951e75597bfe1c8b1f3112fec270
Fixed
ffee63f34445412322a7afc2535731be221cabba
Introduced
deaf509e8fc6e0363bd6f26d52ad42f976ec42f2
Fixed
0c47759eee3e170e04a5dae82f12f6b375ae78f7
Introduced
0fb18b02c8ad56299d6a2910be0bab8ad601ef24
Fixed
ff3bc82f7c9882c27aad597aac79355da7257186
Introduced
2268289a47c6e3c9a220b53697f9480ec390466f
Fixed
ec610069637d56101896803a70d418a89afe0b4b
Database specific 
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.8.20"
        },
        {
            "introduced": "3.9.0"
        },
        {
            "fixed": "3.9.20"
        },
        {
            "introduced": "3.10.0"
        },
        {
            "fixed": "3.10.15"
        },
        {
            "introduced": "3.11.0"
        },
        {
            "fixed": "3.11.10"
        },
        {
            "introduced": "3.12.0"
        },
        {
            "fixed": "3.12.5"
        },
        {
            "introduced": "3.13.0a1"
        },
        {
            "fixed": "3.13.0rc2"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

v0.*
v0.9.8
v0.9.9
v1.*
v1.0.1
v1.0.2
v1.1
v1.1.1
v1.2
v1.2b1
v1.2b2
v1.2b3
v1.2b4
v1.3
v1.3b1
v1.4
v1.4b1
v1.4b2
v1.4b3
v1.5
v1.5.1
v1.5.2
v1.5.2a1
v1.5.2a2
v1.5.2b1
v1.5.2b2
v1.5.2c1
v1.5a1
v1.5a2
v1.5a3
v1.5a4
v1.5b1
v1.5b2
v1.6a1
v1.6a2
v2.*
v2.0
v2.0b1
v2.0b2
v2.0c1
v2.1
v2.1a1
v2.1a2
v2.1b1
v2.1b2
v2.1c1
v2.1c2
v2.2a3
v2.3c1
v2.3c2
v2.4
v2.4a1
v2.4a2
v2.4a3
v2.4b1
v2.4b2
v2.4c1
v3.*
v3.0a1
v3.0a2
v3.0a3
v3.0a4
v3.0a5
v3.0b1
v3.0b2
v3.0b3
v3.0rc1
v3.0rc2
v3.0rc3
v3.1
v3.10.0a1
v3.10.0a7
v3.10.0b1
v3.10.0b2
v3.10.0b3
v3.10.0b4
v3.10.0rc1
v3.10.0rc2
v3.10.1
v3.10.10
v3.10.11
v3.10.12
v3.10.13
v3.10.14
v3.10.2
v3.10.3
v3.10.4
v3.10.5
v3.10.6
v3.10.7
v3.10.8
v3.10.9
v3.11.0a3
v3.11.0a4
v3.11.0a5
v3.11.0a6
v3.11.0a7
v3.11.0b1
v3.11.0b2
v3.11.0b3
v3.11.0b4
v3.11.0b5
v3.11.0rc1
v3.11.0rc2
v3.11.1
v3.11.2
v3.11.3
v3.11.4
v3.11.5
v3.11.6
v3.11.7
v3.11.8
v3.11.9
v3.12.0
v3.12.1
v3.12.2
v3.12.3
v3.12.4
v3.13.0b1
v3.13.0b2
v3.13.0b3
v3.13.0b4
v3.13.0rc1
v3.1a1
v3.1a2
v3.1b1
v3.1rc1
v3.1rc2
v3.2a1
v3.2a2
v3.2a3
v3.2a4
v3.2b1
v3.2b2
v3.2rc1
v3.2rc2
v3.2rc3
v3.3.0a2
v3.3.0a3
v3.3.0a4
v3.3.0b1
v3.3.0b2
v3.3.0rc1
v3.3.0rc2
v3.3.0rc3
v3.4.0a1
v3.4.0a2
v3.4.0a3
v3.4.0a4
v3.4.0b1
v3.4.0b2
v3.4.0b3
v3.5.0a1
v3.5.0a2
v3.5.0a3
v3.5.0a4
v3.5.0b1
v3.6.0a3
v3.6.0b1
v3.7.0a2
v3.8.0rc1
v3.8.11
v3.8.12
v3.8.13
v3.8.14
v3.8.15
v3.8.16
v3.8.17
v3.8.18
v3.8.19
v3.8.3
v3.8.3rc1
v3.8.5
v3.8.8
v3.8.8rc1
v3.9.0a2
v3.9.0b1
v3.9.0b3
v3.9.0b5
v3.9.11
v3.9.12
v3.9.13
v3.9.14
v3.9.15
v3.9.16
v3.9.17
v3.9.18
v3.9.19
v3.9.2
v3.9.2rc1
v3.9.5
v3.9.6
v3.9.7
v3.9.8
v3.9.9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-6923.json"