Lucene search
K

52 matches found

PyPA
PyPA
added 2023/08/25 1:15 a.m.9 views

PYSEC-2023-154

Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The /-/ap...

5.3CVSS7.1AI score0.00464EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/08/25 1:15 a.m.10 views

Authentication flaw

Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The /-/ap...

5CVSS5.2AI score0.00464EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/08/25 1:15 a.m.18 views

PYSEC-2023-154

Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The /-/ap...

5.3CVSS6.1AI score0.00464EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/08/25 12:18 a.m.38 views

CVE-2023-40570 Datasette 1.0 alpha series leaks names of databases and tables to unauthenticated users

Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The /-/ap...

5.3CVSS5.5AI score0.00464EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/08/25 12:18 a.m.12 views

CVE-2023-40570 Datasette 1.0 alpha series leaks names of databases and tables to unauthenticated users

Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The /-/ap...

5.3CVSS6.9AI score0.00464EPSS
Exploits0References2
CVE
CVE
added 2023/08/25 12:18 a.m.2518 views

CVE-2023-40570

Summary: CVE-2023-40570 affects Datasette 1.0 alpha to 1.0a3 with authentication enabled. The /-/api API explorer endpoint could disclose the names of databases and tables to unauthenticated users, without exposing contents. The issue is mitigated in Datasette 1.0a4, which blocks the API explorer...

5.3CVSS5.2AI score0.00464EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/08/25 12:18 a.m.26 views

CVE-2023-40570 Datasette 1.0 alpha series leaks names of databases and tables to unauthenticated users

Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The /-/ap...

5.3CVSS5.6AI score0.00464EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/08/25 12:0 a.m.6 views

Datasette 安全漏洞

Datasette is an open source multifunctional tool for applications to explore and publish data A security vulnerability exists in Datasette that originates from a /-/api resource manager endpoint that discloses database and table names to an unauthenticated attacker. Affected products and versions...

5.3CVSS5.6AI score0.00464EPSS
Exploits0References3
Veracode
Veracode
added 2023/08/24 8:49 a.m.28 views

Information Disclosure

Datasette is vulnerable to Information Disclosure. The vulnerability exists because it does not check permissions when viewing the /-/api endpoint, resulting in databases and tables disclosure to unauthenticated users...

5.3CVSS6.8AI score0.00464EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/08/22 6:6 p.m.25 views

GHSA-7CH3-7PP7-7CPQ Datasette 1.0 alpha series leaks names of databases and tables to unauthenticated users

Impact This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The /-/api API explorer endpoint could reveal the names of both databases an...

5.3CVSS5.2AI score0.00464EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2023/08/22 6:6 p.m.33 views

Datasette 1.0 alpha series leaks names of databases and tables to unauthenticated users

Impact This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The /-/api API explorer endpoint could reveal the names of both databases an...

5.3CVSS6.6AI score0.00464EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2022/08/06 5:21 a.m.6 views

aclients (>=1.0.0b31 <=1.0.1b1), aiocqhttp-sanic (>=1.2.3 <=1.2.3rc1) +71 more potentially affected by CVE-2022-35920 via sanic (>=0.3.1 <=20.12.2)

sanic PYPI version =0.3.1, =1.0.0b31, =1.2.3, =0.1.0a6, =0.6.1, =0.39.0, =0.0.4, =0.8.0, =0.0.2, =0.0.2.8.5 and more Source cves: CVE-2022-35920 Source advisory: OSV:GHSA-8CW9-5HMV-77W6...

8.3CVSS7.1AI score0.00919EPSS
Exploits1
OSV
OSV
added 2021/06/10 5:22 p.m.17 views

GHSA-GFF3-739C-GXFQ Duplicate Advisory: Reflected cross-site scripting issue in Datasette

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xw7c-jx9m-xh5g. This link is maintained to preserve external references. Original Description Datasette is an open source multi-tool for exploring and publishing data. The ?trace=1 debugging feature in Datasette...

7.2CVSS6.2AI score0.0096EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2021/06/10 5:22 p.m.69 views

Duplicate Advisory: Reflected cross-site scripting issue in Datasette

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xw7c-jx9m-xh5g. This link is maintained to preserve external references. Original Description Datasette is an open source multi-tool for exploring and publishing data. The ?trace=1 debugging feature in Datasette...

7.2CVSS6.3AI score0.0096EPSS
Exploits0References7Affected Software1
Veracode
Veracode
added 2021/06/09 2:36 a.m.21 views

Cross-site Scripting (XSS)

datasette is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute arbitrary Javascript in a user's browser via the ?trace=1 debugging feature...

7.2CVSS3.9AI score0.0096EPSS
Exploits0References7Affected Software1
CNVD
CNVD
added 2021/06/09 12:0 a.m.8 views

Datasette Cross-Site Scripting Vulnerability

Datasette is an open source multifunctional tool used by applications to explore and publish data. A cross-site scripting vulnerability exists in Datasette 0.57 and 0.56.1 that ? trace=1 input validation error. No detailed vulnerability details are provided at this time...

7.2CVSS6AI score0.0096EPSS
Exploits0References1
NVD
NVD
added 2021/06/07 10:15 p.m.46 views

CVE-2021-32670

Datasette is an open source multi-tool for exploring and publishing data. The ?trace=1 debugging feature in Datasette does not correctly escape generated HTML, resulting in a reflected cross-site scripting vulnerability. This vulnerability is particularly relevant if your Datasette installation...

7.2CVSS0.0096EPSS
Exploits0References5
OSV
OSV
added 2021/06/07 10:15 p.m.16 views

CVE-2021-32670

Datasette is an open source multi-tool for exploring and publishing data. The ?trace=1 debugging feature in Datasette does not correctly escape generated HTML, resulting in a reflected cross-site scripting vulnerability. This vulnerability is particularly relevant if your Datasette installation...

6.1CVSS6AI score
Exploits0References5
Prion
Prion
added 2021/06/07 10:15 p.m.15 views

Cross site scripting

Datasette is an open source multi-tool for exploring and publishing data. The ?trace=1 debugging feature in Datasette does not correctly escape generated HTML, resulting in a reflected cross-site scripting vulnerability. This vulnerability is particularly relevant if your Datasette installation...

4.3CVSS6AI score0.0096EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2021/06/07 10:15 p.m.26 views

PYSEC-2021-89

Datasette is an open source multi-tool for exploring and publishing data. The ?trace=1 debugging feature in Datasette does not correctly escape generated HTML, resulting in a reflected cross-site scripting vulnerability. This vulnerability is particularly relevant if your Datasette installation...

7.2CVSS0.3AI score0.0096EPSS
Exploits0References6
Rows per page
Query Builder