Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Python Social Auth - Django has unsafe account association
Vulnerability Description
Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the `associate_by_email` pipeline was not included. This could lead to account compromise when a third-party authentication service does not validate provided e-mail addresses or doesn't require unique e-mail addresses. Version 5.6.0 contains a patch. As a workaround, review the authentication service policy on e-mail addresses; many will not allow exploiting this vulnerability.
CVSS Information
N/A
Vulnerability Type
认证算法的不正确实现
Vulnerability Title
Python Social Auth 安全漏洞
Vulnerability Description
Python Social Auth是Python Social Auth开源的一种易于设置的社交身份验证/注册机制。支持多个框架和身份验证提供者。 Python Social Auth 5.6.0之前版本存在安全漏洞,该漏洞源于未验证电子邮件关联机制,可能导致账户接管。
CVSS Information
N/A
Vulnerability Type
N/A