Feb. 28, 2025
7:02 p.m.
There is a LOW severity vulnerability affecting CPython.
During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header being misinterpreted by some mail servers.
Please see the linked CVE ID for the latest information on affected versions:
CVE: https://www.cve.org/CVERecord?id=CVE-2025-1795 Issue: https://github.com/python/cpython/issues/100884 Pull requests: https://github.com/python/cpython/pull/100885 and https://github.com/python/cpython/pull/119099