Name of the Vulnerable Software and Affected Versions Datasette versions prior to 0.46

Description The HTML form for a read-only canned query in Datasette includes a hidden CSRF token field. When this form is submitted, the CSRF token is exposed in the URL. For example, submitting the form on https://latest.datasette.io/fixtures/neighborhood search results in a URL like https://latest.datasette.io/fixtures/neighborhood search?text=down&csrftoken=CSRFTOKEN-HERE. This token could potentially leak to an attacker if the resulting page has a link to an external site and the user clicks the link, as the token would be exposed in the referral logs.

Recommendations For versions prior to 0.46, update to Datasette 0.46 to fix the issue. As a temporary workaround for Datasette instances without upgrading, copy the 0.46 query.html template into a custom templates/ directory and run Datasette with the --template-dir=templates/ option.