UBUNTU-CVE-2024-32879
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 24 Apr 2024, 20:15
Last modified:24 Oct 2025, 05:09
Vulnerability Summary
Overall Risk (default)
low
20/100 CVSS Score
4.9 MEDIUM
3.1 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
24 Apr 2024, 20:15
Published
Vulnerability first disclosed
24 Oct 2025, 05:09
Last Modified
Vulnerability information updated
Description
Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed by a fix released in version 5.4.1. An immediate workaround would be to change collation of the affected field.
CVSS Metrics
- v3.1•MEDIUM•Score: 4.9CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
Affected Systems
- ubuntu•python-social-auth
all | all
References (5)
- https://ubuntu.com/security/CVE-2024-32879
- https://www.cve.org/CVERecord?id=CVE-2024-32879
- https://github.com/python-social-auth/social-app-django/security/advisories/GHSA-2gr8-3wc7-xhj3
- https://github.com/python-social-auth/social-app-django/pull/566
- https://github.com/python-social-auth/social-app-django/commit/31c3e0c7edb187004d8abbde7e9c4f7ef9098138