cvedb.io
CVE-2023-27043
MEDIUM · CVSS 5.3
EPSS exploitation probability: 0%
Published 2023-04-19T00:15:07.973 · Last modified 2026-06-17T05:44:13.020

Summary

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.

Affected products

fedoraproject — fedora

Does this affect you?

Add your gear to cvedb and we'll alert you only when fedoraproject ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.