vulnerability
Oracle Linux: CVE-2023-27043: ELSA-2024-0256: python3 security update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:P/A:N) | Apr 19, 2023 | Jan 16, 2024 | May 14, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published
Apr 19, 2023
Added
Jan 16, 2024
Modified
May 14, 2025
Description
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.
Solution(s)
oracle-linux-upgrade-platform-pythonoracle-linux-upgrade-platform-python-debugoracle-linux-upgrade-platform-python-develoracle-linux-upgrade-python3oracle-linux-upgrade-python3-11oracle-linux-upgrade-python3-11-debugoracle-linux-upgrade-python3-11-develoracle-linux-upgrade-python3-11-idleoracle-linux-upgrade-python3-11-libsoracle-linux-upgrade-python3-11-rpm-macrosoracle-linux-upgrade-python3-11-testoracle-linux-upgrade-python3-11-tkinteroracle-linux-upgrade-python39oracle-linux-upgrade-python39-attrsoracle-linux-upgrade-python39-cffioracle-linux-upgrade-python39-chardetoracle-linux-upgrade-python39-cryptographyoracle-linux-upgrade-python39-cythonoracle-linux-upgrade-python39-debugoracle-linux-upgrade-python39-develoracle-linux-upgrade-python39-idleoracle-linux-upgrade-python39-idnaoracle-linux-upgrade-python39-iniconfigoracle-linux-upgrade-python39-libsoracle-linux-upgrade-python39-lxmloracle-linux-upgrade-python39-mod-wsgioracle-linux-upgrade-python39-more-itertoolsoracle-linux-upgrade-python39-numpyoracle-linux-upgrade-python39-numpy-docoracle-linux-upgrade-python39-numpy-f2pyoracle-linux-upgrade-python39-packagingoracle-linux-upgrade-python39-piporacle-linux-upgrade-python39-pip-wheeloracle-linux-upgrade-python39-pluggyoracle-linux-upgrade-python39-plyoracle-linux-upgrade-python39-psutiloracle-linux-upgrade-python39-psycopg2oracle-linux-upgrade-python39-psycopg2-docoracle-linux-upgrade-python39-psycopg2-testsoracle-linux-upgrade-python39-pyoracle-linux-upgrade-python39-pybind11oracle-linux-upgrade-python39-pybind11-develoracle-linux-upgrade-python39-pycparseroracle-linux-upgrade-python39-pymysqloracle-linux-upgrade-python39-pyparsingoracle-linux-upgrade-python39-pysocksoracle-linux-upgrade-python39-pytestoracle-linux-upgrade-python39-pyyamloracle-linux-upgrade-python39-requestsoracle-linux-upgrade-python39-rpm-macrosoracle-linux-upgrade-python39-scipyoracle-linux-upgrade-python39-setuptoolsoracle-linux-upgrade-python39-setuptools-wheeloracle-linux-upgrade-python39-sixoracle-linux-upgrade-python39-testoracle-linux-upgrade-python39-tkinteroracle-linux-upgrade-python39-tomloracle-linux-upgrade-python39-urllib3oracle-linux-upgrade-python39-wcwidthoracle-linux-upgrade-python39-wheeloracle-linux-upgrade-python39-wheel-wheeloracle-linux-upgrade-python3-debugoracle-linux-upgrade-python3-develoracle-linux-upgrade-python3-idleoracle-linux-upgrade-python3-libsoracle-linux-upgrade-python3-testoracle-linux-upgrade-python3-tkinteroracle-linux-upgrade-python-unversioned-command
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.