CVE-2024-32879 MEDIUM

CVE-2024-32879: social-auth-app-django Improper Handling of Case Sensitivity vulnerability

Vendor Python-Social-Auth
Product social-app-django
Weakness CWE-178
Published April 24, 2024
Last update August 2, 2024

CVSS base score

4.9/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Scope Changed
Confidentiality Low
Integrity Low
Availability None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

Description

Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.4.1, the user ID issued by a third-party authentication provider is compared using the database's collation. Under the default case-insensitive collation of MySQL and MariaDB, two provider IDs that differ only in letter case compare equal, so a lookup for one ID can match the association stored for a different ID. The issue only has an effect with providers whose identifiers are themselves case-sensitive, which is why the rated attack complexity is high. A fix was released in version 5.4.1. An immediate workaround is to change the collation of the affected field to a case-sensitive (binary) one.
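The following is an added example, not code from the social-auth-app-django project, that reproduces the matching behaviour the description refers to. It uses SQLite's NOCASE collation as a stand-in for the case-insensitive `*_ci` collation MySQL and MariaDB apply by default, and an in-memory table whose column names (`provider`, `uid`, `user_id`) are assumptions that only loosely mirror the project's association table. It shows a lookup that trusts the database's `=` comparison returning a row for an ID that differs only in case, the same lookup against a binary-collated column, and an application-side exact comparison that rejects the mismatch regardless of collation.

```python
import sqlite3

# Constructed sample data: two provider-issued identifiers that differ only in case.
STORED_UID = "AbC123"
PROBE_UID = "abc123"
PROVIDER = "example-provider"  # assumed provider name, not tied to any real backend


def build_db(case_insensitive):
    """Create an in-memory association table with the chosen uid collation.

    SQLite's NOCASE stands in for the *_ci collation MySQL/MariaDB use by default;
    BINARY stands in for a *_bin collation (the workaround the advisory describes).
    The table and column names are assumptions made for this example.
    """
    collation = "NOCASE" if case_insensitive else "BINARY"
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE usersocialauth ("
        "id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL, "
        "provider TEXT NOT NULL, "
        f"uid TEXT NOT NULL COLLATE {collation})"
    )
    conn.execute(
        "INSERT INTO usersocialauth (user_id, provider, uid) VALUES (?, ?, ?)",
        (1, PROVIDER, STORED_UID),
    )
    conn.commit()
    return conn


def lookup_naive(conn, provider, uid):
    """Lookup that trusts the database's equality test.

    SQLite, like MySQL, compares against a column using that column's collation,
    so under a case-insensitive collation the WHERE clause matches a stored uid
    that differs from the requested one only in case and another account's
    association is returned. Returns the matched user_id or None.
    """
    row = conn.execute(
        "SELECT user_id, uid FROM usersocialauth WHERE provider = ? AND uid = ?",
        (provider, uid),
    ).fetchone()
    return row[0] if row else None


def lookup_strict(conn, provider, uid):
    """Lookup that re-checks the stored uid byte-for-byte in application code.

    All candidate rows are fetched (a case-insensitive index may return several)
    and only a row whose uid is exactly equal to the requested one is accepted,
    so the result no longer depends on the column's collation.
    """
    rows = conn.execute(
        "SELECT user_id, uid FROM usersocialauth WHERE provider = ? AND uid = ?",
        (provider, uid),
    ).fetchall()
    exact = [user_id for user_id, stored_uid in rows if stored_uid == uid]
    return exact[0] if exact else None


if __name__ == "__main__":
    ci, binary = build_db(True), build_db(False)
    print("naive, ci collation  :", lookup_naive(ci, PROVIDER, PROBE_UID))      # 1 (wrong account)
    print("naive, bin collation :", lookup_naive(binary, PROVIDER, PROBE_UID))  # None
    print("strict, ci collation :", lookup_strict(ci, PROVIDER, PROBE_UID))     # None
    print("strict, exact uid    :", lookup_strict(ci, PROVIDER, STORED_UID))    # 1
```

On MySQL or MariaDB the binary-collated case corresponds to the workaround the description mentions: altering the uid column to a `_bin` collation, for example `ALTER TABLE <table> MODIFY uid VARCHAR(255) COLLATE utf8mb4_bin;`, where the table name and column length are placeholders to be taken from the deployed schema. An application-side exact comparison like `lookup_strict` is worth keeping as defence in depth even after the collation change, since a later migration or a move to another database server can silently restore a case-insensitive default. Note that a case-insensitive unique index on the column would also reject a second association whose uid differs only in case, so check existing data before tightening the collation.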

Key dates

Disclosure timeline

April 24, 2024 CVE published
August 2, 2024 Record updated