https://bugzilla.suse.com/show_bug.cgi?id=1223373 Bug ID: 1223373 Summary: VUL-0: CVE-2024-32879: python-social-auth: Improper Handling of Case Sensitivity in social-auth-app-django Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: Other URL: https://smash.suse.de/issue/403106/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: dmueller@suse.com Reporter: smash_bz@suse.de QA Contact: security-team@suse.de CC: stoyan.manolov@suse.com Target Milestone: --- Found By: Security Response Team Blocker: --- Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed by a fix released in version 5.4.1. An immediate workaround would be to change collation of the affected field. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-32879 https://www.cve.org/CVERecord?id=CVE-2024-32879 https://github.com/python-social-auth/social-app-django/commit/31c3e0c7edb18... https://github.com/python-social-auth/social-app-django/pull/566 https://github.com/python-social-auth/social-app-django/security/advisories/... https://bugzilla.redhat.com/show_bug.cgi?id=2277035 -- You are receiving this mail because: You are on the CC list for the bug.