PYSEC-2023-154

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/datasette/PYSEC-2023-154.yaml
JSON Data
https://api.test.osv.dev/v1/vulns/PYSEC-2023-154
Aliases
Published
2023-08-25T01:15:00Z
Modified
2023-11-01T05:02:49.730265Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The /-/api API explorer endpoint could reveal the names of both databases and tables - but not their contents - to an unauthenticated user. Datasette 1.0a4 has a fix for this issue. This will block access to the API explorer but will still allow access to the Datasette read or write JSON APIs, as those use different URL patterns within the Datasette /database hierarchy. This issue is patched in version 1.0a4.

References

Affected packages

PyPI / datasette

Package

Affected ranges

Type
GIT
Repo
https://github.com/simonw/datasette
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.8
0.9
0.10
0.11
0.12
0.13
0.14
0.15
0.16
0.17
0.18
0.19
0.20
0.21
0.22
0.22.1
0.23
0.23.1
0.23.2
0.24
0.25
0.25.1
0.25.2
0.26
0.26.1
0.26.2
0.27
0.27.1
0.28
0.29
0.29.1
0.29.2
0.29.3
0.30
0.30.1
0.30.2
0.31
0.31.1
0.31.2
0.32
0.33
0.34
0.35
0.36
0.37
0.37.1
0.38
0.39
0.40
0.41
0.42
0.43
0.44
0.45a0
0.45a1
0.45a2
0.45a3
0.45a4
0.45a5
0.45
0.46
0.47
0.47.1
0.47.2
0.47.3
0.48
0.49a0
0.49a1
0.49
0.49.1
0.50a0
0.50a1
0.50
0.50.1
0.50.2
0.51a0
0.51a1
0.51a2
0.51
0.51.1
0.52
0.52.1
0.52.2
0.52.3
0.52.4
0.52.5
0.53
0.54a0
0.54
0.54.1
0.55
0.56
0.56.1
0.57a0
0.57a1
0.57
0.57.1
0.58a0
0.58a1
0.58
0.58.1
0.59a0
0.59a1
0.59a2
0.59
0.59.1
0.59.2
0.59.3
0.59.4
0.60a0
0.60a1
0.60
0.60.1
0.60.2
0.61a0
0.61
0.61.1
0.62a0
0.62a1
0.62
0.63a0
0.63a1
0.63
0.63.1
0.63.2
0.63.3
0.64
0.64.1
0.64.2
0.64.3
0.64.4
0.64.5

1.*

1.0a0
1.0a1
1.0a2
1.0a3
1.0a4
1.0a5
1.0a6
1.0a7