Impact
When running against a Datasette instance with private databases, datasette-graphql would expose the schema of those database tables - but not the table contents.
Patches
Patched in version 1.2.
Workarounds
This issue is only present if a Datasette instance that includes private databases and has the datasette-graphql plugin installed is available on the public internet. Uninstalling the datasette-graphql plugin or preventing public access to the instance can workaround this issue.
For more information
If you have any questions or comments about this advisory:
Impact
When running against a Datasette instance with private databases,
datasette-graphqlwould expose the schema of those database tables - but not the table contents.Patches
Patched in version 1.2.
Workarounds
This issue is only present if a Datasette instance that includes private databases and has the
datasette-graphqlplugin installed is available on the public internet. Uninstalling thedatasette-graphqlplugin or preventing public access to the instance can workaround this issue.For more information
If you have any questions or comments about this advisory: