- Description: Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access restricted query sets and restricted data. This issue has been patched in version 8.4.1.
- Source: security-advisories@github.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 8.2
- Impact score: 4.2
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
- Severity: HIGH
- security-advisories@github.com
- CWE-402
- Hype score
- Not currently trending
🚨 CVE-2025-48383 🔴 HIGH (8.2) 🏢 codingjoe - django-select2 🏗️ < 8.4.1 🔗 https://t.co/6m8pNIelky 🔗 https://t.co/PQwY4W2Bjh #CyberCron #VulnAlert #InfoSec https://t.co/Y6UinCtd5P
@cybercronai
29 May 2025
🚨 CVE-2025-48383 in django-select2 causes sensitive access token leakage across sessions. Update to the patched version or apply the workaround ASAP to protect your app. 🔧 Read more: https://t.co/DtPcaaIJZq #djangoSelect2 #AccessTokenLeak #CyberSecurity #Vulert #PatchNow
@vulert_official
28 May 2025
CVE-2025-48383 Django-Select2 Token Leakage Vulnerability in Versions Prior to 8.4.1 https://t.co/hXePPWcBsH
@VulmonFeeds
27 May 2025
CVE-2025-48383 Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSel… https://t.co/pjcDqYooBN
@CVEnew
27 May 2025