Уязвимость CVE-2019-16056: Информация

Описание

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.

Важность: HIGH (7,5) Вектор: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Исправленные пакеты

Ссылки на рекомендации, решения и инструменты

1. Подверженные конфигурации:

   1. Конфигурация 1

      cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

      End including

      2.7.16

      ---

      cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

      Start including

      3.5.0

      End including

      3.5.7

      ---

      cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

      Start including

      3.6.0

      End including

      3.6.9

      ---

      cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

      Start including

      3.7.0

      End including

      3.7.4

      ---

      cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

      Start including

      3.0.0

      End including

      3.0.1

      ---

      cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

      Start including

      3.1.0

      End including

      3.1.5

      ---

      cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

      Start including

      3.2.0

      End including

      3.2.6

      ---

      cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

      Start including

      3.3.0

      End including

      3.3.7

      ---

      cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

      Start including

      3.4.0

      End including

      3.4.10

      ---

      Конфигурация 2

      cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

      ---

      Конфигурация 3

      cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

      ---

      Конфигурация 4

      cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

      ---

      cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

      ---

      cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

      ---

      cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*

      ---

      Конфигурация 5

      cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*

      ---

      Конфигурация 6

      cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:*

      Start including

      4.1

      End including

      4.3

      ---

      cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*

      ---

      Конфигурация 7

      cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

      ---