CNNVD-202510-1222 Information
CNNVD ID
CNNVD-202510-1222
Related CVE
-
CNNVD Published: 2025-10-09
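Description (translated from Chinese)
Python Social Auth is an easy-to-set-up social authentication/registration mechanism open-sourced by Python Social Auth. It supports multiple frameworks and authentication providers. Versions of Python Social Auth before 5.6.0 contain a security vulnerability that stems from an unverified email association mechanism and may lead to account takeover.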
Description (English)
Python Social Auth is an easy-to-set-up social authentication/registration mechanism from the Python Social Auth project. It supports multiple frameworks and authentication providers. Versions of Python Social Auth prior to 5.6.0 contain a security vulnerability that originates from an unverified email association mechanism and could lead to account takeover.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Python Social Auth
Published
2025-10-09
Last Modified
2026-02-24
References
https://github.com/python-social-auth/social-app-django/commit/10c80e2ebabeccd4e9c84ad0e16e1db74148ed4c
https://github.com/python-social-auth/social-app-django/issues/220
https://github.com/python-social-auth/social-app-django/issues/231
https://github.com/python-social-auth/social-app-django/issues/634
https://github.com/python-social-auth/social-app-django/pull/803
https://github.com/python-social-auth/social-app-django/security/advisories/GHSA-wv4w-6qv2-qqfg
Patch
https://python-social-auth.readthedocs.io/en/latest/