CVE-2024-32879

Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed by a fix released in version 5.4.1. An immediate workaround would be to change collation of the affected field.

Published: Apr 24, 2024
Updated: May 4, 2025
CVE: CVE-2024-32879
GHSA: GHSA-2gr8-3wc7-xhj3
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

CWEs:

CWE-178
CWE-303

Affected Software
References

Software	From	Fixed in
social-auth-app-django	-	5.4.1

https://github.com/python-social-auth/social-app-django/commit/31c3e0c7edb187004d8abbde7e9c4f7ef9098138
https://github.com/python-social-auth/social-app-django/pull/566
https://github.com/python-social-auth/social-app-django/security/advisories/GHSA-2gr8-3wc7-xhj3

Vulnerability Database

CVE-2024-32879

Deep Security Visibility Without the Complexity