CVE-2024-32879: social-auth-app-djangon affected by Improper Handling of Case Sensitivity
Due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match.
References
- github.com/advisories/GHSA-2gr8-3wc7-xhj3
- github.com/python-social-auth/social-app-django
- github.com/python-social-auth/social-app-django/commit/31c3e0c7edb187004d8abbde7e9c4f7ef9098138
- github.com/python-social-auth/social-app-django/pull/566
- github.com/python-social-auth/social-app-django/security/advisories/GHSA-2gr8-3wc7-xhj3
- nvd.nist.gov/vuln/detail/CVE-2024-32879
Code Behaviors & Features
Detect and mitigate CVE-2024-32879 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →