Home > Vulnerability Database > CVE-2024-6923

Mend.io Vulnerability Database

CVE-2024-6923

Good to know:

Date: August 1, 2024

There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.

Language: Python

Severity Score

5.5

Related Resources (16)

Url: https://github.com/python/cpython/commit/4766d1200fdf8b6728137aa2927a297e224d5fa7

Url: https://lists.debian.org/debian-lts-announce/2025/01/msg00005.html

Url: https://github.com/python/cpython/commit/f7be505d137a22528cb0fc004422c0081d5d90e6

Url: https://github.com/python/cpython/commit/f7c0f09e69e950cf3c5ada9dbde93898eb975533

Url: http://www.openwall.com/lists/oss-security/2024/08/01/3

Url: http://www.openwall.com/lists/oss-security/2024/08/02/2

Url: https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/

Url: https://security.netapp.com/advisory/ntap-20240926-0003/

Url: https://github.com/python/cpython/issues/121650

Url: https://github.com/python/cpython/commit/b158a76ce094897c870fb6b3de62887b7ccc33f1

Url: https://github.com/python/cpython/commit/4aaa4259b5a6e664b7316a4d60bdec7ee0f124d0

Url: https://github.com/python/cpython/commit/097633981879b3c9de9a1dd120d3aa585ecc2384

Url: https://github.com/python/cpython/commit/06f28dc236708f72871c64d4bc4b4ea144c50147

Url: https://github.com/python/cpython/pull/122233

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-6923

Url: https://www.mend.io/vulnerability-database/CVE-2024-6923

Severity Score

5.5

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

Top Fix

Upgrade Version

Upgrade to version pypy3.9 - 7.3.12;Microsoft.NET.Runtime.Emscripten.3.1.12.Python.osx-x64 - no_fix;python - 3.11.6;python - 3.8.20;python - 3.8.14;python - 3.9.14;python - 3.11.10;python - 3.12.5;python - 3.6.0a3;python - 3.9.20;python - 3.10.15;python - 3.11.1;python - 3.10.7;michaeld555/pdf-converter - no_fix;michaeld555/pdf-converter - v1.0.0;ZioByte.OpenOffice - no_fix;Microsoft.NET.Runtime.Emscripten.2.0.12.Python.osx-x64 - no_fix;Microsoft.NET.Runtime.Emscripten.3.1.34.Python.osx-arm64 - 8.0.14;Microsoft.NET.Runtime.Emscripten.3.1.34.Python.osx-arm64 - no_fix;Microsoft.NET.Runtime.Emscripten.3.1.34.Python.osx-x64 - 8.0.14;Microsoft.NET.Runtime.Emscripten.3.1.34.Python.osx-x64 - no_fix;Microsoft.NET.Runtime.Emscripten.2.0.21.Python.osx-x64 - no_fix;pythonx86 - 3.6.1;pypy3.6 - no_fix;pypy3.8 - no_fix;Microsoft.NET.Runtime.Emscripten.2.0.23.Python.osx-x64 - no_fix;Microsoft.NET.Runtime.Emscripten.3.1.56.Python.osx-x64 - 9.0.1;ZioByte.OpenOffice.PDFConverter - no_fix;firecloud - no_fix;LostTech.TensorBoard.Python.runtime.win-x64 - no_fix;pypy3.7 - no_fix;rustpython-pylib - no_fix;python - 3.6.1;python3 - 3.8.2;OpenOffice.PDF.Converter - no_fix;python-full-x64 - 3.6.1;Microsoft.NET.Runtime.Emscripten.3.1.56.Python.osx-arm64 - 9.0.1;rustpython - 0.3.0;python-full-x86 - 3.6.1;michaeld555/nfe-parser - no_fix;Microsoft.NET.Runtime.Emscripten.3.1.7.Python.osx-x64 - no_fix;google-cloud-sdk - 411.0.0;Microsoft.NET.Runtime.Emscripten.3.1.30.Python.osx-x64 - no_fix

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-6923

Good to know:

Date: August 1, 2024

Language: Python

Severity Score

Related Resources (16)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?