Improper Handling of Case Sensitivity
CVE-2024-32879
Summary
Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs were not case-sensitive and could cause different IDs to match. An immediate workaround would be to change the collation of the affected field.
- HIGH
- NETWORK
- LOW
- CHANGED
- NONE
- LOW
- LOW
- NONE
CWE-178 - Improper Handling of Case Sensitivity
The software does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results.
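The collision described in the summary, reproduced as an added example (not code from Python Social Auth). It assumes SQLite's `NOCASE` collation as a stand-in for the default case-insensitive MySQL/MariaDB collation; the table names, provider name and uids are constructed for the illustration.

```python
import sqlite3

# Assumptions: SQLite's NOCASE collation stands in for the default
# case-insensitive MySQL/MariaDB collation; table names, the provider
# name and the uids are constructed for this example.
SCHEMA = """
CREATE TABLE assoc_ci (provider TEXT, uid TEXT COLLATE NOCASE,
                       user_id INTEGER, UNIQUE (provider, uid));
CREATE TABLE assoc_cs (provider TEXT, uid TEXT COLLATE BINARY,
                       user_id INTEGER, UNIQUE (provider, uid));
"""
TABLES = {"assoc_ci", "assoc_cs"}  # allow-list: table names are never user input

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def link(db, table, provider, uid, user_id):
    """Store a provider identity; False if the DB sees it as a duplicate."""
    assert table in TABLES
    try:
        db.execute(f"INSERT INTO {table} VALUES (?, ?, ?)", (provider, uid, user_id))
        return True
    except sqlite3.IntegrityError:
        return False

def lookup(db, table, provider, uid):
    """Return the local user_id the DB matches to this provider uid, or None."""
    assert table in TABLES
    row = db.execute(
        f"SELECT user_id FROM {table} WHERE provider = ? AND uid = ?",
        (provider, uid)).fetchone()
    return row[0] if row else None

def lookup_exact(db, table, provider, uid):
    """Application-side guard: accept a row only if the stored uid is identical."""
    assert table in TABLES
    row = db.execute(
        f"SELECT uid, user_id FROM {table} WHERE provider = ? AND uid = ?",
        (provider, uid)).fetchone()
    return row[1] if row and row[0] == uid else None

if __name__ == "__main__":
    db = build_db()
    link(db, "assoc_ci", "example-idp", "aB3xY", 1)
    # A different provider account whose uid differs only in case resolves to user 1.
    print(lookup(db, "assoc_ci", "example-idp", "Ab3Xy"))
```

The `assoc_cs` table corresponds to the workaround of changing the collation of the affected field; `lookup_exact` shows an application-side comparison that rejects the case-folded match even when the column is still case-insensitive.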