CVE-2024-32879

Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed by a fix released in version 5.4.1. An immediate workaround would be to change collation of the affected field.
Configurations

No configuration.

History

21 Nov 2024, 09:15

Type Values Removed Values Added
References () https://github.com/python-social-auth/social-app-django/commit/31c3e0c7edb187004d8abbde7e9c4f7ef9098138 - () https://github.com/python-social-auth/social-app-django/commit/31c3e0c7edb187004d8abbde7e9c4f7ef9098138 -
References () https://github.com/python-social-auth/social-app-django/pull/566 - () https://github.com/python-social-auth/social-app-django/pull/566 -
References () https://github.com/python-social-auth/social-app-django/security/advisories/GHSA-2gr8-3wc7-xhj3 - () https://github.com/python-social-auth/social-app-django/security/advisories/GHSA-2gr8-3wc7-xhj3 -

25 Apr 2024, 13:18

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-24 20:15

Updated : 2024-11-21 09:15


NVD link : CVE-2024-32879

Mitre link : CVE-2024-32879

CVE.ORG link : CVE-2024-32879


JSON object : View

Products Affected

No product.

CWE
CWE-178

Improper Handling of Case Sensitivity

CWE-303

Incorrect Implementation of Authentication Algorithm