Medium severity4.9OSV Advisory· Published Apr 24, 2024· Updated Apr 15, 2026
CVE-2024-32879
CVE-2024-32879
Description
Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed by a fix released in version 5.4.1. An immediate workaround would be to change collation of the affected field.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
social-auth-app-djangoPyPI | < 5.4.1 | 5.4.1 |
Affected products
3- Range: 0.0.1, 0.1.0, 1.0.0, …
- ghsa-coords2 versionspkg:pypi/social-auth-app-djangopkg:rpm/opensuse/python-social-auth-app-django&distro=openSUSE%20Tumbleweed
< 5.4.1+ 1 more
- (no CPE)range: < 5.4.1
- (no CPE)range: < 5.4.1-1.1
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-2gr8-3wc7-xhj3ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-32879ghsaADVISORY
- github.com/python-social-auth/social-app-django/commit/31c3e0c7edb187004d8abbde7e9c4f7ef9098138nvdWEB
- github.com/python-social-auth/social-app-django/pull/566nvdWEB
- github.com/python-social-auth/social-app-django/security/advisories/GHSA-2gr8-3wc7-xhj3nvdWEB
News mentions
0No linked articles in our index yet.