issues: 912464443
This data as json
| id | node_id | number | title | user | state | locked | assignee | milestone | comments | created_at | updated_at | closed_at | author_association | pull_request | body | repo | type | active_lock_reason | performed_via_github_app | reactions | draft | state_reason |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 912464443 | MDU6SXNzdWU5MTI0NjQ0NDM= | 1360 | Security flaw, to be fixed in 0.56.1 and 0.57 | 9599 | closed | 0 | 2 | 2021-06-05T21:53:51Z | 2021-06-05T22:23:23Z | 2021-06-05T22:22:06Z | OWNER | See security advisory here for details: https://github.com/simonw/datasette/security/advisories/GHSA-xw7c-jx9m-xh5g - the `?_trace=1` debugging option was not correctly escaping its JSON output, resulting in a [reflected cross-site scripting](https://owasp.org/www-community/attacks/xss/#reflected-xss-attacks) vulnerability. | 107914493 | issue | {"url": "https://api.github.com/repos/simonw/datasette/issues/1360/reactions", "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | completed |