First published: Tue Apr 18 2023
Last updated 14 October 2024
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Python Python | <=2.7.18 | |
Python Python | >=3.0, <=3.11 | |
IBM Cognos Dashboards on Cloud Pak for Data | <=4.7.0 | |
debian/pypy3 | <=7.3.5+dfsg-2+deb11u2, <=7.3.5+dfsg-2+deb11u3, <=7.3.11+dfsg-2+deb12u2, <=7.3.17+dfsg-2 | |
debian/python2.7 | <=2.7.18-8+deb11u1 | |
debian/python3.11 | <=3.11.2-6+deb12u4, <=3.11.2-6+deb12u3 | |
debian/python3.12 | 3.12.7-3 | |
debian/python3.9 | <=3.9.2-1 | |
CVE-2023-27043 is a vulnerability in the Python email module that allows a remote attacker to bypass security restrictions due to a parsing flaw in email addresses.
The severity of CVE-2023-27043 is medium, with a CVSS severity score of 5.3.
Python versions up to and including 2.7.18 and Python versions between 3.0 and 3.11.3 are affected by CVE-2023-27043.
An attacker can exploit CVE-2023-27043 by manipulating email addresses containing special characters to bypass security mechanisms and gain unauthorized access.
Yes, upgrading to a fixed version of Python (2.7.19 or 3.11.4) or applying the necessary patches provided by the vendor can resolve the CVE-2023-27043 vulnerability.