PT-2019-4775 · Python+8

Published: 2018-07-19 · Updated: 2026-05-18 · CVE-2019-16056

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Python versions 2.7.16 and earlier
Python versions 3.x through 3.5.7
Python versions 3.6.x through 3.6.9
Python versions 3.7.x through 3.7.4

Description

The issue is in Python's email module, which incorrectly parses email addresses containing multiple @ characters. An application that uses the email module and checks the From/To headers of a message could be tricked into accepting an email address that should be denied. A remote attacker can exploit the vulnerability to have emails accepted from addresses that should be rejected.

Recommendations

For Python versions 2.7.16 and earlier, update to a version that fixes the email module issue.
For Python versions 3.x through 3.5.7, update to a version that fixes the email module issue.
For Python versions 3.6.x through 3.6.9, update to a version that fixes the email module issue.
For Python versions 3.7.x through 3.7.4, update to a version that fixes the email module issue.
As a temporary workaround, consider restricting the use of the email module until a patch is available.
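
An application-side check for the From/To validation case in the description, added here as an example and not taken from this advisory or the Python project: it cross-checks the parser's result against the raw header and fails closed on any multi-@ address, whatever the installed interpreter returns. The allowed domain, function names and sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Assumption: the application accepts senders only from these domains (constructed).
ALLOWED_DOMAINS = frozenset({"example.org"})


def single_address(header_value):
    """Return the one unambiguous address in a From/To value, or None.

    The parser is not trusted alone: its result is compared with the raw
    text, so a multi-@ input is rejected on patched and unpatched Pythons.
    """
    if not isinstance(header_value, str):
        return None
    _name, addr = parseaddr(header_value)
    if not addr or addr.count("@") != 1:
        return None  # empty result, bare local part, or several '@'
    local, domain = addr.split("@")
    if not local or not domain:
        return None
    start = header_value.find(addr)
    if start < 0:
        return None  # parser normalised the text; fail closed
    end = start + len(addr)
    before = header_value[start - 1] if start > 0 else ""
    after = header_value[end:end + 1]
    if before == "@" or after == "@":
        return None  # parsed value is only a fragment of a longer address
    return addr


def sender_allowed(header_value, allowed=ALLOWED_DOMAINS):
    """Domain allowlist decision that denies anything ambiguous."""
    addr = single_address(header_value)
    if addr is None:
        return False
    return addr.rsplit("@", 1)[1].lower() in allowed


if __name__ == "__main__":
    # Constructed sample header values.
    for value in ("Alice <alice@example.org>",
                  "mallory@example.org@evil.test",
                  "mallory@evil.test@example.org",
                  "bob@other.test"):
        print(f"{value!r:40} allowed={sender_allowed(value)}")
```
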

Fix

RCE

Weakness Enumeration

Related Identifiers

ALSA-2020:1605
ALT-PU-2019-3103
ALT-PU-2020-1434
ALT-PU-2020-3318
ALT-PU-2021-2653
ALT-PU-2024-3474
BDU:2020-01347
CESA-2020_1131
CESA-2020_1132
CESA-2020_1605
CESA-2020_1764
CLEANSTART-2026-BM51903
CLEANSTART-2026-SY44974
CLEANSTART-2026-WV76464
CVE-2019-16056
DLA-1924-1
DLA-1925-1
DLA-2280-1
DLA-2337-1
MGASA-2019-0318
OPENSUSE-SU-2019:2389-1
OPENSUSE-SU-2019:2393-1
OPENSUSE-SU-2019:2438-1
OPENSUSE-SU-2019:2453-1
OPENSUSE-SU-2019_2389-1
OPENSUSE-SU-2019_2393-1
OPENSUSE-SU-2019_2438-1
OPENSUSE-SU-2019_2453-1
OPENSUSE-SU-2020:0086-1
OPENSUSE-SU-2020_0086-1
OPENSUSE-SU-2024:11202-1
OPENSUSE-SU-2024:11284-1
PSF-2019-5
RHSA-2019:3725
RHSA-2019:3948
RHSA-2020:1131
RHSA-2020:1132
RHSA-2020:1605
RHSA-2020:1764
RHSA-2020:2520
RHSA-2020_1131
RHSA-2020_1132
RHSA-2020_1605
RHSA-2020_1764
RLSA-2020:1605
SUSE-RU-2020:1342-1
SUSE-SU-2019:2743-1
SUSE-SU-2019:2748-1
SUSE-SU-2019:2748-2
SUSE-SU-2019:2798-1
SUSE-SU-2019:2802-1
SUSE-SU-2019_2743-1
SUSE-SU-2019_2748-1
SUSE-SU-2019_2748-2
SUSE-SU-2019_2802-1
SUSE-SU-2020:0114-1
SUSE-SU-2020:0234-1
SUSE-SU-2020:0302-1
SUSE-SU-2020:2699-1
SUSE-SU-2020:3563-1
SUSE-SU-2020_3563-1
SUSE-SU-2021:14198-1
SUSE-SU-2021_14198-1
USN-4151-1
USN-4151-2
USN-6891-1

Affected Products

ALT Linux
AlmaLinux
CentOS
Linux Mint
Python
Red Hat
Rocky Linux
SUSE
Ubuntu