An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Python | Python | * | 2.7.16 (including) |
Python | Python | 3.0.0 (including) | 3.0.1 (including) |
Python | Python | 3.1.0 (including) | 3.1.5 (including) |
Python | Python | 3.2.0 (including) | 3.2.6 (including) |
Python | Python | 3.3.0 (including) | 3.3.7 (including) |
Python | Python | 3.4.0 (including) | 3.4.10 (including) |
Python | Python | 3.5.0 (including) | 3.5.7 (including) |
Python | Python | 3.6.0 (including) | 3.6.9 (including) |
Python | Python | 3.7.0 (including) | 3.7.4 (including) |