Lucene search
K

52 matches found

PyPA
PyPA
added 2021/06/07 10:15 p.m.5 views

PYSEC-2021-89

Datasette is an open source multi-tool for exploring and publishing data. The ?trace=1 debugging feature in Datasette does not correctly escape generated HTML, resulting in a reflected cross-site scripting vulnerability. This vulnerability is particularly relevant if your Datasette installation...

7.2CVSS6.6AI score0.0096EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2021/06/07 9:47 p.m.46 views

Reflected cross-site scripting issue in Datasette

Impact The ?trace=1 debugging feature in Datasette does not correctly escape generated HTML, resulting in a reflected cross-site scripting vulnerability. This vulnerability is particularly relevant if your Datasette installation includes authenticated features using plugins such as...

7.2CVSS0.2AI score0.0096EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2021/06/07 9:47 p.m.24 views

GHSA-XW7C-JX9M-XH5G Reflected cross-site scripting issue in Datasette

Impact The ?trace=1 debugging feature in Datasette does not correctly escape generated HTML, resulting in a reflected cross-site scripting vulnerability. This vulnerability is particularly relevant if your Datasette installation includes authenticated features using plugins such as...

7.2CVSS6.3AI score0.0096EPSS
Exploits0References8
CVE
CVE
added 2021/06/07 9:20 p.m.97 views

CVE-2021-32670

Datasette contains a reflected cross-site scripting vulnerability in the ?_trace=1 debugging feature due to inadequate HTML escaping. Affected versions include 0.56.1 and 0.57; patches are available in those releases. Workarounds include rejecting requests with ?_trace= or &_trace= in the query s...

7.2CVSS6.1AI score0.0096EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2021/06/07 9:20 p.m.37 views

CVE-2021-32670 Reflected cross-site scripting issue in Datasette

Datasette is an open source multi-tool for exploring and publishing data. The ?trace=1 debugging feature in Datasette does not correctly escape generated HTML, resulting in a reflected cross-site scripting vulnerability. This vulnerability is particularly relevant if your Datasette installation...

7.2CVSS6.9AI score0.0096EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/06/07 12:0 a.m.4 views

Datasette 跨站脚本漏洞

Datasette is an open source multifunctional tool used by applications to explore and publish data. A cross-site scripting vulnerability exists in Datasette 0.57 and 0.56.1 that ? trace=1 input validation error. No detailed vulnerability details are provided at this time...

7.2CVSS5.2AI score0.0096EPSS
Exploits0References5
Veracode
Veracode
added 2020/11/26 2:3 a.m.8 views

Information Disclosure

datasette-graphql is vulnerable to information disclosure. The vulnerability exists as it does not perform permission checks, allowing private database schema to be revealed...

1.7AI score
Exploits0
Github Security Blog
Github Security Blog
added 2020/11/24 10:59 p.m.53 views

datasette-graphql leaks details of the schema of private database files

Impact When running against a Datasette instance with private databases, datasette-graphql would expose the schema of those database tables - but not the table contents. Patches Patched in version 1.2. Workarounds This issue is only present if a Datasette instance that includes private databases...

1.4AI score
Exploits0References3Affected Software1
OSV
OSV
added 2020/11/24 10:59 p.m.14 views

GHSA-74HV-QJJQ-H7G5 datasette-graphql leaks details of the schema of private database files

Impact When running against a Datasette instance with private databases, datasette-graphql would expose the schema of those database tables - but not the table contents. Patches Patched in version 1.2. Workarounds This issue is only present if a Datasette instance that includes private databases...

6.9AI score
Exploits0References2
Veracode
Veracode
added 2020/08/12 4:24 a.m.9 views

Information Disclosure

datasette is vulnerable to information disclosure. The vulnerability exists as Cross-Site Request Forgery CRSF tokens are leaked through read-only canned queries...

2.6AI score
Exploits0
Github Security Blog
Github Security Blog
added 2020/08/11 2:54 p.m.22 views

CSRF tokens leaked in URL by canned query form

Impact The HTML form for a read-only canned query includes the hidden CSRF token field added in 798 for writable canned queries 698. This means that submitting those read-only forms exposes the CSRF token in the URL - for example on https://latest.datasette.io/fixtures/neighborhoodsearch submitti...

6.8AI score
Exploits0References5Affected Software1
OSV
OSV
added 2020/08/11 2:54 p.m.9 views

GHSA-Q6J3-C4WC-63VW CSRF tokens leaked in URL by canned query form

Impact The HTML form for a read-only canned query includes the hidden CSRF token field added in 798 for writable canned queries 698. This means that submitting those read-only forms exposes the CSRF token in the URL - for example on https://latest.datasette.io/fixtures/neighborhoodsearch submitti...

4.3CVSS6.8AI score
Exploits0References5
Rows per page
Query Builder