CNNVD-202601-3169 Information
CNNVD ID
CNNVD-202601-3169
Related CVE
- CNNVD Published: 2026-01-20
Description (Chinese)
CPython是Python基金会的一个用C语言实现的Python解释器。 CPython存在安全漏洞,该漏洞源于折叠仅包含不可折叠字符的电子邮件标头中的长注释时未保留括号,可能导致在用户控制且未清理的地址中注入标头。
Description (English)
CPython is a Python interpreter for the Python Foundation in the C language. There is a security loophole in CPython, which stems from the fact that long notes in e-mail headers containing only non-repealable characters are not kept in brackets and may lead to the injection of headers in user-controlled and uncleaned addresses.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Python
Published
2026-01-20
Last Modified
2026-02-24
References
https://github.com/python/cpython/commit/17d1490aa97bd6b98a42b1a9b324ead84e7fd8a2 https://github.com/python/cpython/issues/143935 https://github.com/python/cpython/pull/143936 https://mail.python.org/archives/list/security-announce@python.org/thread/FELSEOLBI2QR6YLG6Q7VYF7FWSGQTKLI/
Patch
https://github.com/python/cpython/tags
Share on: