Untriaged
IMAP command injection in user-controlled commands
The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.
References
- https://mail.python.org/archives/list/security-announce@python.org/thread/DD7C7… vendor-advisory
- https://github.com/python/cpython/commit/6262704b134db2a4ba12e85ecfbd968534f28b… patch
- https://github.com/python/cpython/issues/143921 issue-tracking
- https://github.com/python/cpython/pull/143922 patch
- https://github.com/python/cpython/issues/143921 issue-tracking
- https://github.com/python/cpython/pull/143922 patch
- https://mail.python.org/archives/list/security-announce@python.org/thread/DD7C7… vendor-advisory
- https://github.com/python/cpython/commit/6262704b134db2a4ba12e85ecfbd968534f28b… patch
- https://github.com/python/cpython/issues/143921 issue-tracking
- https://github.com/python/cpython/pull/143922 patch
- https://mail.python.org/archives/list/security-announce@python.org/thread/DD7C7… vendor-advisory
- https://github.com/python/cpython/commit/6262704b134db2a4ba12e85ecfbd968534f28b… patch
- https://github.com/python/cpython/issues/143921 issue-tracking
- https://github.com/python/cpython/pull/143922 patch
- https://mail.python.org/archives/list/security-announce@python.org/thread/DD7C7… vendor-advisory
- https://github.com/python/cpython/commit/6262704b134db2a4ba12e85ecfbd968534f28b… patch
Affected products
CPython
- <3.15.0a6
- <3.15.0
Matching in nixpkgs
pkgs.haskellPackages.cpython
Bindings for libpython
Package maintainers
-
@sheepforce Phillip Seeber <phillip.seeber@googlemail.com>