SYM_PY_0128 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Active Debug Code
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-489: Active Debug Code |
| OWASP | A06:2017 - Security Misconfiguration |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | High |
Description
The Flask application is running with debug mode enabled ('debug=True'). This exposes sensitive error messages and internal application details that should not be visible in production environments.
Impact
If exploited, attackers can access detailed debug information, including stack traces and environment variables, which may reveal secrets or allow code execution. This can lead to data breaches, compromise of the server, or further attacks against your application and infrastructure.