GHSA-7CH3-7PP7-7CPQ Datasette 1.0 alpha series leaks names of databases and tables to unauthenticated users
Impact This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The /-/api API explorer endpoint could reveal the names of both databases an...