CVE-2024-32879: 
Python vulnerability analysis and mitigation

CVE-2024-32879 affects Python Social Auth, a social authentication/registration mechanism, prior to version 5.4.1. The vulnerability was discovered by OpenCraft and disclosed on April 24, 2024. The issue stems from default case-insensitive collation in MySQL or MariaDB databases, where third-party authentication user IDs are not case-sensitive and could cause different IDs to match (GitHub Advisory).

The vulnerability is related to improper handling of case sensitivity in the social-auth-app-django package. The issue occurs due to the default case-insensitive collation in MySQL/MariaDB databases, which could lead to incorrect matching of different user IDs. The vulnerability has been assigned a CVSS v3.1 base score of 4.9 (Moderate) with the vector string CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N. The weakness has been categorized under CWE-178 (Improper Handling of Case Sensitivity) and CWE-303 (Incorrect Implementation of Authentication Algorithm) (GitHub Advisory).

The vulnerability could allow different third-party authentication user IDs to incorrectly match due to case-insensitive comparison, potentially leading to authentication bypass or account confusion issues (GitHub Advisory).

The vulnerability has been fixed in version 5.4.1 of the social-auth-app-django package. For users unable to upgrade immediately, a workaround is available by changing the collation of the affected field using the SQL command: ALTER TABLE social_auth_usersocialauth MODIFY uid varchar(255) COLLATE utf8_bin (GitHub Advisory).