First published: Tue Apr 18 2023(Updated: )
Python could allow a remote attacker to bypass security restrictions, caused by a parsing flaw in the email.utils.parsaddr() and email.utils.getaddresses() functions. By sending a specially-crafted e-mail addresses with a special character, an attacker could exploit this vulnerability to send messages from e-mail addresses that would otherwise be rejected.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Python Python | <=2.7.18 | |
Python Python | >=3.0<=3.11 | |
IBM Cognos Dashboards on Cloud Pak for Data | <=4.7.0 | |
<=2.7.18 | ||
>=3.0<=3.11 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-27043 is a vulnerability in the Python email module that allows a remote attacker to bypass security restrictions due to a parsing flaw in email addresses.
The severity of CVE-2023-27043 is medium, with a CVSS severity score of 5.3.
Python versions up to and including 2.7.18 and Python versions between 3.0 and 3.11.3 are affected by CVE-2023-27043.
An attacker can exploit CVE-2023-27043 by manipulating email addresses containing special characters to bypass security mechanisms and gain unauthorized access.
Yes, upgrading to a fixed version of Python (2.7.19 or 3.11.4) or applying the necessary patches provided by the vendor can resolve the CVE-2023-27043 vulnerability.