CVE-2024-32879

Name of the Vulnerable Software and Affected Versions Python Social Auth versions prior to 5.4.1

Description The issue arises due to default case-insensitive collation in MySQL or MariaDB databases, causing third-party authentication user IDs to not be case-sensitive. This could lead to different IDs matching. The problem has been addressed by a fix released in version 5.4.1.

Recommendations For versions prior to 5.4.1, update to version 5.4.1 to resolve the issue. As a temporary workaround, consider changing the collation of the affected field, for example, by running the SQL command: ALTER TABLE social auth usersocialauth MODIFY uid varchar(255) COLLATE utf8 bin;