PT-2019-4775 · Python+8
Published: 2018-07-19 · Updated: 2026-05-18 · CVE-2019-16056
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Python versions 2.7.16 and earlier
Python versions 3.x through 3.5.7
Python versions 3.6.x through 3.6.9
Python versions 3.7.x through 3.7.4
Description
The issue is in Python's email module, which incorrectly parses email addresses containing multiple @ characters. An application that uses the email module and checks the From/To headers of a message could be tricked into accepting an email address that should be denied. A remote attacker can exploit this to get the application to accept mail from addresses that should be rejected.
Recommendations
For Python versions 2.7.16 and earlier, update to a version that fixes the email module issue.
For Python versions 3.x through 3.5.7, update to a version that fixes the email module issue.
For Python versions 3.6.x through 3.6.9, update to a version that fixes the email module issue.
For Python versions 3.7.x through 3.7.4, update to a version that fixes the email module issue.
As a temporary workaround, consider restricting the use of the email module until a patch is available.
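A defence-in-depth check for the From/To validation described above, as an added example (not code from this advisory or from CPython): it refuses any header value with more than one unquoted @ before trusting the parser, then re-checks the parser's output against a domain allowlist. The function names, the allowlist and the `.example` addresses are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr

# Constructed allowlist for this example (hypothetical domain).
ALLOWED_DOMAINS = {"allowed.example"}

# Matches an RFC 5322 quoted-string, so an '@' inside quotes is not counted.
_QUOTED = re.compile(r'"(?:[^"\\]|\\.)*"')


def _unquoted_at_count(text):
    """Count '@' characters that sit outside double-quoted strings."""
    return _QUOTED.sub("", text).count("@")


def checked_sender(header_value, allowed=ALLOWED_DOMAINS):
    """Return the address if it is unambiguous and allowlisted, else None."""
    # 1. Reject ambiguity in the raw header value itself. This holds on
    #    patched and unpatched interpreters alike, because it does not
    #    depend on how the email module resolves multiple '@' characters.
    #    It is deliberately conservative: address lists and comments that
    #    contain '@' are rejected as well.
    if _unquoted_at_count(header_value) != 1:
        return None
    # 2. Parse, then re-check what the parser handed back.
    _name, addr = parseaddr(header_value)
    if not addr or _unquoted_at_count(addr) != 1:
        return None
    # 3. Compare the domain (text after the last '@') with the allowlist.
    domain = addr.rsplit("@", 1)[1].lower()
    return addr if domain in allowed else None


# Constructed sample header values, not taken from real traffic.
SAMPLES = [
    "Alice <alice@allowed.example>",            # accepted
    "Bob <bob@blocked.example>",                # wrong domain
    "mallory@blocked.example@allowed.example",  # multiple '@': ambiguous
    '"x@y" <carol@allowed.example>',            # '@' only in quoted name
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(f"{value!r:45} -> {checked_sender(value)!r}")
```
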
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
ALT Linux
AlmaLinux
CentOS
Linux Mint
Python
Red Hat
Rocky Linux
SUSE
Ubuntu