CVE-2025-48383

Published 27/05/2025 15:15 · Modified 28/05/2025 15:01

Labels: CVE-2025-48383, 2025-05-27, CWE-402, [email protected]

Essential information

Published: 27/05/2025 15:15
Modified: 28/05/2025 15:01
Author:
Creator:
CVSS: 8.2 HIGH (v3.1)
CISA KEV: No
CWE:
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Description

Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the ModelSelect2MultipleWidget and ModelSelect2Widget can leak secret access tokens across requests. This can allow users to access restricted query sets and restricted data. This issue has been patched in version 8.4.1.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]

Affected products (CPE)

Product: django / django-select2
CPE: cpe:2.3:a:django:django-select2:<8.4.1:*:*:*:*:*:*:*

References