New submission from Dalton Campbell <drcampbel...@gmail.com>:

The protections implemented in https://github.com/python/cpython/blob/master/Lib/email/header.py to prevent Email Header injection can be bypassed by specifying an injected additional header in the following format: exam...@python.org\ncc :injec...@python.org
The white space bypasses the current regex protection (_embedded_header = re.compile(r'\n[^ \t]+:')) and is still accepted by the SMTP server. Attached is a proof of concept script.

----------
components: Library (Lib)
files: PythonEmailHeaderInjectionPOC.py
messages: 310367
nosy: r.david.murray, thedoctorsoup
priority: normal
severity: normal
status: open
title: Email Header Injection Protection Bypass
type: security
Added file: https://bugs.python.org/file47396/PythonEmailHeaderInjectionPOC.py

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue32606>
_______________________________________
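An added example, not part of the original report and not CPython's code: the regex quoted in the report is run beside a stricter validation rule over a few header values. The function `has_unfolded_line_break`, the rule it applies, and the sample addresses are assumptions constructed for illustration; the rule is one possible mitigation, not the fix adopted upstream.

```python
import re

# Pattern quoted in the report, from Lib/email/header.py at the time of filing.
REPORTED = re.compile(r'\n[^ \t]+:')

def reported_check(value: str) -> bool:
    """True if the quoted regex flags the value as carrying an embedded header."""
    return REPORTED.search(value) is not None

def has_unfolded_line_break(value: str) -> bool:
    """Hypothetical stricter rule: every line after the first must start with
    a space or tab (a folded continuation). A break followed by anything else,
    including nothing at all, is rejected wherever the colon happens to sit."""
    lines = re.split(r'\r\n|\r|\n', value)
    return any(line[:1] not in (' ', '\t') for line in lines[1:])

# Constructed sample values (example.org addresses are placeholders).
SAMPLES = {
    "plain": "user@example.org",
    "colon_adjacent": "user@example.org\ncc:other@example.org",
    "space_before_colon": "user@example.org\ncc :other@example.org",
    "legit_fold": "Quarterly report for the\n infrastructure team",
}

def evaluate(samples=SAMPLES):
    """Return {name: (reported_regex_flags, stricter_rule_flags)}."""
    return {name: (reported_check(v), has_unfolded_line_break(v))
            for name, v in samples.items()}

if __name__ == "__main__":
    for name, (old, new) in evaluate().items():
        print(f"{name:20} reported_regex={old!s:5} stricter_rule={new}")
```

The `space_before_colon` row is the case from the report: the quoted regex requires the colon to follow a run of non-whitespace characters directly, so the space lets the value through, while the rule keyed on the line break itself still rejects it.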