🛡️ CVE-2023-27043
🟡 CVSS 5.3 — Medium ⚠️ Exploit Public CWE-20 NVD
5.3
CVSS Score
0 Low4 Medium7 High9 Critical10

Description

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.

Details

Severity MEDIUM
CVSS Score 5.3
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE CWE-20
Public Exploit ⚠️ Yes
Source NVD
Published 2023-04-19
Updated 2026-06-15
Modified 2026-05-12
Fix URL N/A

Affected Packages

Software From version Fixed in
active-iq-unified-manager
fedora
libpython
ontap-select-deploy-administration-utility
python
python-min

References

Vendor Advisory http://python.org
Vendor Advisory http://python.org

Similar Threats

Exploit Protection

Help block exploit attempts

BotEraser is designed to detect and help reduce malicious bot traffic that may target known vulnerabilities on your site.

Try BotEraser Free →

No credit card required  ·  Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.