CVE-2025-48383

Published: May 27, 2025

Modified: May 27, 2025

PUBLISHED

CVSS v3.1

8.2

HIGH

Description

Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access restricted query sets and restricted data. This issue has been patched in version 8.4.1.

Vendor	Product	Versions
codingjoe	django-select2	affected `< 8.4.1`

Weaknesses (CWE)

CWE-402

CWE-918

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

None

References

https://github.com/codingjoe/django-select2/security/advisories/GHSA-wjrh-hj83-3wh7

x_refsource_CONFIRM

https://github.com/codingjoe/django-select2/commit/e5f41e6edba004d35f94915ff5e2559f44853412

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-48383

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References