52 matches found
PYSEC-2023-154
Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The /-/ap...
Authentication flaw
Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The /-/ap...
PYSEC-2023-154
Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The /-/ap...
CVE-2023-40570 Datasette 1.0 alpha series leaks names of databases and tables to unauthenticated users
Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The /-/ap...
CVE-2023-40570 Datasette 1.0 alpha series leaks names of databases and tables to unauthenticated users
Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The /-/ap...
CVE-2023-40570
Summary: CVE-2023-40570 affects Datasette 1.0 alpha to 1.0a3 with authentication enabled. The /-/api API explorer endpoint could disclose the names of databases and tables to unauthenticated users, without exposing contents. The issue is mitigated in Datasette 1.0a4, which blocks the API explorer...
CVE-2023-40570 Datasette 1.0 alpha series leaks names of databases and tables to unauthenticated users
Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The /-/ap...
Datasette 安全漏洞
Datasette is an open source multifunctional tool for applications to explore and publish data A security vulnerability exists in Datasette that originates from a /-/api resource manager endpoint that discloses database and table names to an unauthenticated attacker. Affected products and versions...
Information Disclosure
Datasette is vulnerable to Information Disclosure. The vulnerability exists because it does not check permissions when viewing the /-/api endpoint, resulting in databases and tables disclosure to unauthenticated users...
GHSA-7CH3-7PP7-7CPQ Datasette 1.0 alpha series leaks names of databases and tables to unauthenticated users
Impact This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The /-/api API explorer endpoint could reveal the names of both databases an...
Datasette 1.0 alpha series leaks names of databases and tables to unauthenticated users
Impact This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The /-/api API explorer endpoint could reveal the names of both databases an...
aclients (>=1.0.0b31 <=1.0.1b1), aiocqhttp-sanic (>=1.2.3 <=1.2.3rc1) +71 more potentially affected by CVE-2022-35920 via sanic (>=0.3.1 <=20.12.2)
sanic PYPI version =0.3.1, =1.0.0b31, =1.2.3, =0.1.0a6, =0.6.1, =0.39.0, =0.0.4, =0.8.0, =0.0.2, =0.0.2.8.5 and more Source cves: CVE-2022-35920 Source advisory: OSV:GHSA-8CW9-5HMV-77W6...
GHSA-GFF3-739C-GXFQ Duplicate Advisory: Reflected cross-site scripting issue in Datasette
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xw7c-jx9m-xh5g. This link is maintained to preserve external references. Original Description Datasette is an open source multi-tool for exploring and publishing data. The ?trace=1 debugging feature in Datasette...
Duplicate Advisory: Reflected cross-site scripting issue in Datasette
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xw7c-jx9m-xh5g. This link is maintained to preserve external references. Original Description Datasette is an open source multi-tool for exploring and publishing data. The ?trace=1 debugging feature in Datasette...
Cross-site Scripting (XSS)
datasette is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute arbitrary Javascript in a user's browser via the ?trace=1 debugging feature...
Datasette Cross-Site Scripting Vulnerability
Datasette is an open source multifunctional tool used by applications to explore and publish data. A cross-site scripting vulnerability exists in Datasette 0.57 and 0.56.1 that ? trace=1 input validation error. No detailed vulnerability details are provided at this time...
CVE-2021-32670
Datasette is an open source multi-tool for exploring and publishing data. The ?trace=1 debugging feature in Datasette does not correctly escape generated HTML, resulting in a reflected cross-site scripting vulnerability. This vulnerability is particularly relevant if your Datasette installation...
CVE-2021-32670
Datasette is an open source multi-tool for exploring and publishing data. The ?trace=1 debugging feature in Datasette does not correctly escape generated HTML, resulting in a reflected cross-site scripting vulnerability. This vulnerability is particularly relevant if your Datasette installation...
Cross site scripting
Datasette is an open source multi-tool for exploring and publishing data. The ?trace=1 debugging feature in Datasette does not correctly escape generated HTML, resulting in a reflected cross-site scripting vulnerability. This vulnerability is particularly relevant if your Datasette installation...
PYSEC-2021-89
Datasette is an open source multi-tool for exploring and publishing data. The ?trace=1 debugging feature in Datasette does not correctly escape generated HTML, resulting in a reflected cross-site scripting vulnerability. This vulnerability is particularly relevant if your Datasette installation...