CVE-2024-32879
CVSS V2 None
CVSS V3 None
Description
Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed by a fix released in version 5.4.1. An immediate workaround would be to change collation of the affected field.
Overview
- CVE ID
- CVE-2024-32879
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-04-24T19:42:14.642Z
- Last Modified Date
- 2024-06-04T17:51:12.451Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/python-social-auth/social-app-django/security/advisories/GHSA-2gr8-3wc7-xhj3 | x_refsource_CONFIRM |
| https://github.com/python-social-auth/social-app-django/pull/566 | x_refsource_MISC |
| https://github.com/python-social-auth/social-app-django/commit/31c3e0c7edb187004d8abbde7e9c4f7ef9098138 | x_refsource_MISC |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-32879 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32879 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-26 08:33:04 | Added to TrackCVE |