CVE-2024-6923

{"id": "CVE-2024-6923", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.1}]}, "published": "2024-08-01T14:15:03.647", "references": [{"url": "https://github.com/python/cpython/commit/06f28dc236708f72871c64d4bc4b4ea144c50147", "source": "cna@python.org"}, {"url": "https://github.com/python/cpython/commit/4766d1200fdf8b6728137aa2927a297e224d5fa7", "source": "cna@python.org"}, {"url": "https://github.com/python/cpython/commit/4aaa4259b5a6e664b7316a4d60bdec7ee0f124d0", "source": "cna@python.org"}, {"url": "https://github.com/python/cpython/commit/b158a76ce094897c870fb6b3de62887b7ccc33f1", "source": "cna@python.org"}, {"url": "https://github.com/python/cpython/commit/f7be505d137a22528cb0fc004422c0081d5d90e6", "source": "cna@python.org"}, {"url": "https://github.com/python/cpython/commit/f7c0f09e69e950cf3c5ada9dbde93898eb975533", "source": "cna@python.org"}, {"url": "https://github.com/python/cpython/issues/121650", "source": "cna@python.org"}, {"url": "https://github.com/python/cpython/pull/122233", "source": "cna@python.org"}, {"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/", "source": "cna@python.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "There is a MEDIUM severity vulnerability affecting CPython.\n\nThe \nemail module didn\u2019t properly quote newlines for email headers when \nserializing an email message allowing for header injection when an email\n is serialized."}, {"lang": "es", "value": "Existe una vulnerabilidad de gravedad MEDIA que afecta a CPython. El m\u00f3dulo de correo electr\u00f3nico no citaba correctamente las nuevas l\u00edneas para los encabezados de correo electr\u00f3nico al serializar un mensaje de correo electr\u00f3nico, lo que permit\u00eda la inyecci\u00f3n de encabezado cuando se serializa un correo electr\u00f3nico."}], "lastModified": "2024-09-04T21:15:14.567", "sourceIdentifier": "cna@python.org"}