CVE-2024-32879

Published: 25 April 2024

Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed by a fix released in version 5.4.1. An immediate workaround would be to change collation of the affected field.

Priority

Status

Package	Release	Status
python-social-auth Launchpad, Ubuntu, Debian	bionic	Needs triage
	focal	Does not exist
	jammy	Does not exist
	mantic	Does not exist
	noble	Does not exist
	upstream	Needs triage
	xenial	Needs triage

References

https://www.cve.org/CVERecord?id=CVE-2024-32879
https://github.com/python-social-auth/social-app-django/security/advisories/GHSA-2gr8-3wc7-xhj3
https://github.com/python-social-auth/social-app-django/pull/566
https://github.com/python-social-auth/social-app-django/commit/31c3e0c7edb187004d8abbde7e9c4f7ef9098138
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.