CVE-2024-32879

CVSS 3.1 Score 4.9 of 10 (medium)

Details

Published Apr 24, 2024
Updated: Apr 25, 2024
CWE ID 178
CWE ID 303

Summary

CVE-2024-32879 is a vulnerability affecting the Python Social Auth library before version 5.4.1. This social authentication/registration mechanism uses MySQL or MariaDB databases with default case-insensitive collation, allowing third-party user IDs to match even if they differ only in case. This could lead to unauthorized access or other security issues. The vulnerability has been addressed with a fix in version 5.4.1, and a workaround involves changing the collation of the affected field in the database.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share