Home > Vulnerability Database > CVE-2024-32879

Mend.io Vulnerability Database

CVE-2024-32879

Good to know:

Date: April 24, 2024

Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed by a fix released in version 5.4.1. An immediate workaround would be to change collation of the affected field.

Language: Python

Severity Score

4.9

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-32879

Url: https://github.com/python-social-auth/social-app-django/pull/566

Url: https://github.com/python-social-auth/social-app-django/security/advisories/GHSA-2gr8-3wc7-xhj3

Url: https://github.com/python-social-auth/social-app-django/commit/31c3e0c7edb187004d8abbde7e9c4f7ef9098138

Url: https://github.com/python-social-auth/social-app-django

Url: https://www.mend.io/vulnerability-database/CVE-2024-32879

Severity Score

4.9

Weakness Type (CWE)

Improper Handling of Case Sensitivity

CWE-178

Incorrect Implementation of Authentication Algorithm

CWE-303

Top Fix

Upgrade Version

Upgrade to version social-auth-app-django - 5.4.1

Learn More

CVSS v3.1

Base Score:	4.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-32879

Good to know:

Date: April 24, 2024

Language: Python

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?