Mel-Mason

**Name of the Vulnerable Software and Affected Versions** Python Social Auth versions prior to 5.6.0 **Description** Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, a user could be associated by email during authentication even if the `associate by email` pipeline was not included. This could lead to account compromise when a third-party authentication service does not validate provided email addresses or does not require unique email addresses. **Recommendations** Update to version 5.6.0 or later. Review the authentication service policy on email addresses.