CVE-2024-6923

MEDIUM5.5EPSS 0.24%

Email header injection due to unquoted newlines

Published: 8/1/2024Modified: 12/3/2025

Also known as:ALPINE-CVE-2024-6923

Description

There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.

Affected packages (9)

Alpine/python3from 0, < 3.10.15-r0
Bitnami/libpythonfrom 0, < 3.8.20, >= 3.9.0, < 3.9.20, >= 3.10.0, < 3.10.15, >= 3.11.0, < 3.11.10, >= 3.12.0, < 3.12.5
Bitnami/pythonfrom 0, < 3.8.20, >= 3.9.0, < 3.9.20, >= 3.10.0, < 3.10.15, >= 3.11.0, < 3.11.10, >= 3.12.0, < 3.12.5
Bitnami/python-minfrom 0, < 3.8.20, >= 3.9.0, < 3.9.20, >= 3.10.0, < 3.10.15, >= 3.11.0, < 3.11.10, >= 3.12.0, < 3.12.5
Debian/pypy3from 0, < 7.3.5+dfsg-2+deb11u5
Debian/python2.7from 0
Debian/python3.11from 0, < 3.11.2-6+deb12u5
Debian/python3.13from 0, < 3.13.0~rc2-1
Debian/python3.9from 0, < 3.9.2-1+deb11u2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Description

Affected packages (9)

CVSS scores

References (18)