Medium severity4.9NVD Advisory· Published Apr 24, 2024· Updated Apr 15, 2026
CVE-2024-32879
CVE-2024-32879
Description
Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed by a fix released in version 5.4.1. An immediate workaround would be to change collation of the affected field.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
social-auth-app-djangoPyPI | < 5.4.1 | 5.4.1 |
Patches
131c3e0c7edb1models: make sure uid is compared case-sensitive
1 file changed · +9 −5
social_django/models.py+9 −5 modified@@ -54,11 +54,15 @@ class Meta: abstract = True @classmethod - def get_social_auth(cls, provider, uid): - try: - return cls.objects.select_related("user").get(provider=provider, uid=uid) - except cls.DoesNotExist: - return None + def get_social_auth(cls, provider: str, uid: str): + for social in cls.objects.select_related("user").filter( + provider=provider, uid=uid + ): + # We need to compare to filter out case-insensitive lookups in + # some databases (MySQL/MariaDB) + if social.uid == uid: + return social + return None @classmethod def username_max_length(cls):
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/advisories/GHSA-2gr8-3wc7-xhj3ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-32879ghsaADVISORY
- github.com/python-social-auth/social-app-django/commit/31c3e0c7edb187004d8abbde7e9c4f7ef9098138nvdWEB
- github.com/python-social-auth/social-app-django/pull/566nvdWEB
- github.com/python-social-auth/social-app-django/security/advisories/GHSA-2gr8-3wc7-xhj3nvdWEB
News mentions
0No linked articles in our index yet.