Access Token Leakage Vulnerability in Django-Select2 by Coding Joe
CVE-2025-48383
8.2HIGH
What is CVE-2025-48383?
Django-Select2, a Django integration for the Select2 library, prior to version 8.4.1, contains a vulnerability that allows instances of HeavySelect2Mixin subclasses, such as ModelSelect2MultipleWidget and ModelSelect2Widget, to unintentionally leak secret access tokens between requests. This exposure can enable users to access restricted query sets and sensitive data, posing a significant security risk. Users are advised to upgrade to version 8.4.1, where this issue has been addressed.
Affected Version(s)
django-select2 < 8.4.1