{"id":"BIT-libpython-2024-6923","summary":"Email header injection due to unquoted newlines","details":"There is a MEDIUM severity vulnerability affecting CPython.\n\nThe \nemail module didn’t properly quote newlines for email headers when \nserializing an email message allowing for header injection when an email\n is serialized.","aliases":["BIT-python-2024-6923","BIT-python-min-2024-6923","CVE-2024-6923","PSF-2024-8"],"modified":"2025-11-06T13:25:46.476Z","published":"2025-08-11T13:52:53.987Z","database_specific":{"severity":"Medium","cpes":["cpe:2.3:a:python:python:*:*:*:*:*:*:*:*"]},"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/08/01/3"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/08/02/2"},{"type":"WEB","url":"https://github.com/python/cpython/commit/06f28dc236708f72871c64d4bc4b4ea144c50147"},{"type":"WEB","url":"https://github.com/python/cpython/commit/097633981879b3c9de9a1dd120d3aa585ecc2384"},{"type":"WEB","url":"https://github.com/python/cpython/commit/4766d1200fdf8b6728137aa2927a297e224d5fa7"},{"type":"WEB","url":"https://github.com/python/cpython/commit/4aaa4259b5a6e664b7316a4d60bdec7ee0f124d0"},{"type":"WEB","url":"https://github.com/python/cpython/commit/b158a76ce094897c870fb6b3de62887b7ccc33f1"},{"type":"WEB","url":"https://github.com/python/cpython/commit/f7be505d137a22528cb0fc004422c0081d5d90e6"},{"type":"WEB","url":"https://github.com/python/cpython/commit/f7c0f09e69e950cf3c5ada9dbde93898eb975533"},{"type":"WEB","url":"https://github.com/python/cpython/issues/121650"},{"type":"WEB","url":"https://github.com/python/cpython/pull/122233"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00005.html"},{"type":"WEB","url":"https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-6923"},{"type":"WEB","url":"https://security.netapp.com/advisory/ntap-20240926-0003/"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"}],"affected":[{"package":{"name":"libpython","ecosystem":"Bitnami","purl":"pkg:bitnami/libpython"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"3.8.20"},{"introduced":"3.9.0"},{"fixed":"3.9.20"},{"introduced":"3.10.0"},{"fixed":"3.10.15"},{"introduced":"3.11.0"},{"fixed":"3.11.10"},{"introduced":"3.12.0"},{"fixed":"3.12.5"}]}],"database_specific":{"source":"https://github.com/bitnami/vulndb/tree/main/data/libpython/BIT-libpython-2024-6923.json"},"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"}]}],"schema_version":"1.7.3"}