Bugzilla – Bug 1223373
VUL-0: CVE-2024-32879: python-social-auth: Improper Handling of Case Sensitivity in social-auth-app-django
Last modified: 2024-06-10 09:45:01 UTC
Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed by a fix released in version 5.4.1. An immediate workaround would be to change collation of the affected field. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-32879 https://www.cve.org/CVERecord?id=CVE-2024-32879 https://github.com/python-social-auth/social-app-django/commit/31c3e0c7edb187004d8abbde7e9c4f7ef9098138 https://github.com/python-social-auth/social-app-django/pull/566 https://github.com/python-social-auth/social-app-django/security/advisories/GHSA-2gr8-3wc7-xhj3 https://bugzilla.redhat.com/show_bug.cgi?id=2277035
only tumbleweed is affected which is fixed.
This is an autogenerated message for OBS integration: This bug (1223373) was mentioned in https://build.opensuse.org/request/show/1179662 Factory / python-social-auth-app-django