Fluid Attacks Database

Description

Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed by a fix released in version 5.4.1. An immediate workaround would be to change collation of the affected field.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
pypi	social-auth-app-django	>=0 <5.4.1	5.4.1
debian 11	social-auth-app-django	=3.1.0-2.1 \|\| =5.0.0-1 \|\| =5.2.0-1 \|\| =5.2.0-2 \|\| =5.4.0-1 \|\| =5.4.1-1 \|\| =5.4.2-1 \|\| =5.4.3-1 \|\| =5.6.0-1 \|\| =5.7.0-1 \|\| =5.8.0-1	-
debian 12	social-auth-app-django	=5.0.0-1 \|\| =5.2.0-1 \|\| =5.2.0-2 \|\| =5.4.0-1 \|\| =5.4.1-1 \|\| =5.4.2-1 \|\| =5.4.3-1 \|\| =5.6.0-1 \|\| =5.7.0-1 \|\| =5.8.0-1	-
debian 13	social-auth-app-django	>=0 <5.4.1-1	5.4.1-1
debian 14	social-auth-app-django	>=0 <5.4.1-1	5.4.1-1

Aliases

1. CVE-2024-328792. NVD-2024-328793. OSV-2024-328794. OSV-DEBIAN-2024-328795. GHSA-2gr8-3wc7-xhj36. GCVE-2024-328797. SECURITY-TRACKER-CVE-2024-32879

References

1. https://github.com/python-social-auth/social-app-django/security/advisories/GHSA-2gr8-3wc7-xhj32. https://github.com/python-social-auth/social-app-django/pull/5663. https://github.com/python-social-auth/social-app-django/commit/31c3e0c7edb187004d8abbde7e9c4f7ef9098138

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.