Skip to main content

Improper Handling of Case Sensitivity

CVE-2024-32879

Severity Medium
Score 4.9/10

Summary

Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs were not case-sensitive and could cause different IDs to match. An immediate workaround would be to change the collation of the affected field.

  • HIGH
  • NETWORK
  • LOW
  • CHANGED
  • NONE
  • LOW
  • LOW
  • NONE

CWE-178 - Improper Handling of Case Sensitivity

The software does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results.

Advisory Timeline

  • Published