Denis Ledoux

**Name of the Vulnerable Software and Affected Versions** Versions prior to 2025-11468 **Description** A flaw exists where parenthesis are not preserved when folding a long comment in an email header containing exclusively unfoldable characters. This can allow for the injection of headers into email messages when addresses are user-controlled and not properly sanitized. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Python email module (affected versions not specified) **Description** The `BytesGenerator` class within the email module did not correctly quote newlines for email headers during email message serialization. This flaw allows for header injection when an email is serialized, specifically when using "LiteralHeader" writing headers that do not adhere to email folding rules. The updated behavior rejects incorrectly folded headers in `BytesGenerator`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.