HIGH 7.5
CVE-2019-16056
An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.
CVSS v3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.9%
percentile 76.0%
Affected tracked apps
Vulnerable CPE configurations
| Vendor | Product | Platform | Versions | CPE 2.3 URI |
|---|---|---|---|---|
| python | python | Windows | ≤2.7.16 | cpe:2.3:a:python:python:*:*:*:*:*:*:*:* |
| python | python | Windows | ≥3.0.0 ≤3.0.1 | cpe:2.3:a:python:python:*:*:*:*:*:*:*:* |
| python | python | Windows | ≥3.1.0 ≤3.1.5 | cpe:2.3:a:python:python:*:*:*:*:*:*:*:* |
| python | python | Windows | ≥3.2.0 ≤3.2.6 | cpe:2.3:a:python:python:*:*:*:*:*:*:*:* |
| python | python | Windows | ≥3.3.0 ≤3.3.7 | cpe:2.3:a:python:python:*:*:*:*:*:*:*:* |
| python | python | Windows | ≥3.4.0 ≤3.4.10 | cpe:2.3:a:python:python:*:*:*:*:*:*:*:* |
| python | python | Windows | ≥3.5.0 ≤3.5.7 | cpe:2.3:a:python:python:*:*:*:*:*:*:*:* |
| python | python | Windows | ≥3.6.0 ≤3.6.9 | cpe:2.3:a:python:python:*:*:*:*:*:*:*:* |
| python | python | Windows | ≥3.7.0 ≤3.7.4 | cpe:2.3:a:python:python:*:*:*:*:*:*:*:* |