2 matches found
CVE-2023-40570
Summary: CVE-2023-40570 affects Datasette 1.0 alpha to 1.0a3 with authentication enabled. The /-/api API explorer endpoint could disclose the names of databases and tables to unauthenticated users, without exposing contents. The issue is mitigated in Datasette 1.0a4, which blocks the API explorer...
CVE-2021-32670
Datasette contains a reflected cross-site scripting vulnerability in the ?_trace=1 debugging feature due to inadequate HTML escaping. Affected versions include 0.56.1 and 0.57; patches are available in those releases. Workarounds include rejecting requests with ?_trace= or &_trace= in the query s...