Search for packages
| purl | pkg:pypi/social-auth-app-django@0.0.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-29us-aw5a-suc4
Aliases: CVE-2025-61783 GHSA-wv4w-6qv2-qqfg |
Python Social Auth - Django has unsafe account association Upon authentication, the user could be associated by e-mail even if the `associate_by_email` pipeline was not included. This could lead to account compromise when a third-party authentication service does not validate provided e-mail addresses or doesn't require unique e-mail addresses. |
Affected by 0 other vulnerabilities. |
|
VCID-4ct3-hxkg-63gv
Aliases: CVE-2024-32879 GHSA-2gr8-3wc7-xhj3 |
social-auth-app-django affected by Improper Handling of Case Sensitivity ### Impact Due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. ### Patches This issue has been addressed by https://github.com/python-social-auth/social-app-django/pull/566 and fix released in 5.4.1. ### Workarounds An immediate workaround would be to change collation of the affected field: ```mysql ALTER TABLE `social_auth_usersocialauth` MODIFY `uid` varchar(255) COLLATE `utf8_bin`; ``` ### References This issue was discovered by folks at https://opencraft.com/. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||