CVE-2023-27043

MEDIUM Year: 2023
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-20
View all →

Vulnerability Description

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.

Related Vulnerabilities

CVE-2009-1197

MEDIUM
CVSS:5.3(Medium)

Apache jUDDI before 2.0 allows attackers to spoof entries in log files via vectors related to error logging of keys from uddiget.jsp.

CWE-202009

CVE-2010-3667

MEDIUM
CVSS:5.3(Medium)

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element.

CWE-202010

CVE-2011-2902

MEDIUM
CVSS:5.3(Medium)

zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote attackers to delete arbitrary fil...

CWE-202011

CVE-2013-4101

MEDIUM
CVSS:5.3(Medium)

Cryptocat before 2.0.22 Link Markup Decorator HTML Handling Weakness

CWE-202013

CVE-2014-0091

MEDIUM
CVSS:5.3(Medium)

Foreman has improper input validation which could lead to partial Denial of Service

CWE-202014

CVE-2014-1935

MEDIUM
CVSS:5.3(Medium)

9base 1:6-6 and 1:6-7 insecurely creates temporary files which results in predictable filenames.

CWE-202014