SYM_CONF_0020 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Active Debug Code
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-489: Active Debug Code |
| OWASP | A06:2017 - Security Misconfiguration |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Setting FLASK_ENV to 'development' automatically enables Flask's debug mode, which exposes sensitive debugging information and can make the app vulnerable. This setting should not be used in production or shared environments.
Impact
If debug mode is enabled in a deployed application, attackers could access detailed error messages, view code, or even execute arbitrary code on the server, leading to data leaks or system compromise.
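One way to check deployment files for the setting described above, as an added example that is not the Symbiotic rule or code from this database. The file names, their contents and the `find_flask_dev_env` helper are assumptions constructed for illustration.

```python
import re

# FLASK_ENV followed by '=', ':' or whitespace and a bare or quoted word, e.g.
#   FLASK_ENV=development            (.env, shell, compose list entry)
#   ENV FLASK_ENV development        (Dockerfile)
#   FLASK_ENV: development           (YAML mapping)
#   os.environ["FLASK_ENV"] = "development"
ASSIGNMENT = re.compile(
    r"""\bFLASK_ENV\b["'\]]*\s*(?:=|:|\s)\s*["']?(?P<value>[A-Za-z_]+)"""
)

# Constructed sample files (names and contents are illustrative assumptions).
SAMPLE_FILES = {
    "Dockerfile": "FROM python:3.12-slim\nENV FLASK_ENV development\n",
    ".env": "# FLASK_ENV=development\nFLASK_ENV=production\n",
    "docker-compose.yml": (
        "services:\n  web:\n    environment:\n      - FLASK_ENV=development\n"
    ),
    "run.sh": 'export FLASK_ENV="development"\nflask run\n',
    "wsgi.py": 'import os\nos.environ["FLASK_ENV"] = "development"\n',
    "deploy.sh": "export FLASK_ENV=${DEPLOY_ENV}\nflask run\n",
}


def find_flask_dev_env(files):
    """Return (path, line_number, line) for every FLASK_ENV=development setting."""
    findings = []
    for path, text in files.items():
        for number, line in enumerate(text.splitlines(), start=1):
            stripped = line.strip()
            if stripped.startswith("#"):  # commented-out setting, not active
                continue
            match = ASSIGNMENT.search(stripped)
            if match and match.group("value") == "development":
                findings.append((path, number, stripped))
    return findings


if __name__ == "__main__":
    for path, number, line in find_flask_dev_env(SAMPLE_FILES):
        print(f"{path}:{number}: debug mode enabled via: {line}")
```

The scan works line by line, so it does not resolve values supplied through variable substitution (the `deploy.sh` case) or name/value pairs split across two lines; those need review of the resolved environment.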