CVE-2024-32879
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 24/04/2024
Last modified: 15/04/2026
Description
Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, because MySQL and MariaDB databases use a case-insensitive collation by default, third-party authentication user IDs are not compared case-sensitively, which could cause different IDs to match. This issue has been addressed by a fix released in version 5.4.1. An immediate workaround is to change the collation of the affected field.
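The effect of the collation on an ID lookup, as an added example that is not code from Python Social Auth or from its fix: it uses SQLite's `NOCASE` collation as a stand-in for the MySQL/MariaDB default, and the table, provider and user names are constructed for illustration. The exact string comparison in `lookup_exact` is an illustrative application-side check, assumed here rather than taken from the project.

```python
import sqlite3

ALLOWED = {"NOCASE", "BINARY"}  # SQLite collations compared in this example

QUERY = ("SELECT uid, local_user FROM demo_social_auth "
         "WHERE provider = ? AND uid = ?")


def build_db(collation):
    """In-memory table whose uid column uses the given collation."""
    if collation not in ALLOWED:
        raise ValueError("unsupported collation")
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE demo_social_auth ("
        "provider TEXT NOT NULL, "
        f"uid TEXT NOT NULL COLLATE {collation}, "
        "local_user TEXT NOT NULL, "
        "UNIQUE (provider, uid))"
    )
    # Constructed sample row: provider ID "AbC123" is linked to local user alice.
    db.execute("INSERT INTO demo_social_auth VALUES (?, ?, ?)",
               ("demo-idp", "AbC123", "alice"))
    return db


def lookup(db, provider, uid):
    """Lookup that relies only on the database's notion of equality."""
    row = db.execute(QUERY, (provider, uid)).fetchone()
    return row[1] if row else None


def lookup_exact(db, provider, uid):
    """Same query, followed by an exact comparison in application code."""
    row = db.execute(QUERY, (provider, uid)).fetchone()
    if row is None or row[0] != uid:
        return None  # matched only because the collation folded letter case
    return row[1]


if __name__ == "__main__":
    # "abc123" is a different provider ID from the stored "AbC123".
    for collation in ("NOCASE", "BINARY"):
        db = build_db(collation)
        print(collation,
              lookup(db, "demo-idp", "abc123"),
              lookup_exact(db, "demo-idp", "abc123"))
```

With the case-insensitive column the plain lookup resolves the differently cased ID to the existing account, while the binary collation and the exact comparison both reject it.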
Impact
Base Score 3.x: 4.90
Severity 3.x: MEDIUM
References to Advisories, Solutions, and Tools
- https://github.com/python-social-auth/social-app-django/commit/31c3e0c7edb187004d8abbde7e9c4f7ef9098138
- https://github.com/python-social-auth/social-app-django/pull/566
- https://github.com/python-social-auth/social-app-django/security/advisories/GHSA-2gr8-3wc7-xhj3



