SYM_PY_0133 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
# Exposure of Resource to Wrong Sphere
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-668: Exposure of Resource to Wrong Sphere |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | High |
## Description

Running a Flask app with `host='0.0.0.0'` binds the development server to every network interface on the machine, so it accepts connections from any network the host is attached to, not just from the local machine. This can unintentionally expose your application to the public internet.
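The following is an added example, not code from the Symbiotic database or the Flask project. It shows the weak and the corrected `app.run(...)` calls side by side as constructed source strings, and a small AST-based check that flags `.run(...)` calls whose `host` (keyword or first positional argument) is a string literal binding to all interfaces. `"0.0.0.0"` is the case this entry describes; `"::"` is included as its IPv6 equivalent, which is an assumption of this example rather than something the entry states. The check needs only the standard library, so it runs without Flask installed.

```python
"""Flag Flask dev-server runs bound to every interface (CWE-668)."""
import ast

# Literal hosts that bind to all interfaces instead of loopback only.
# "0.0.0.0" is the IPv4 wildcard; "::" is assumed here as the IPv6 one.
ALL_INTERFACE_HOSTS = {"0.0.0.0", "::"}

# Constructed sample: the weak pattern this entry describes.
VULNERABLE_SRC = """\
from flask import Flask
app = Flask(__name__)
if __name__ == "__main__":
    app.run(host="0.0.0.0", port=5000, debug=True)
"""

# Constructed sample: same app, bound to loopback only. Anything that
# must be reachable from elsewhere belongs behind a real WSGI server
# and reverse proxy, not the development server.
HARDENED_SRC = """\
from flask import Flask
app = Flask(__name__)
if __name__ == "__main__":
    app.run(host="127.0.0.1", port=5000)
"""


def _literal_host(call: ast.Call):
    """Return the host string literal passed to a .run(...) call, or None.

    Flask's run() takes host as its first positional parameter, so both
    `run(host="0.0.0.0")` and `run("0.0.0.0")` are checked.
    """
    for kw in call.keywords:
        if kw.arg == "host":
            node = kw.value
            break
    else:
        if not call.args:
            return None
        node = call.args[0]
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value
    return None  # dynamic value (variable, env lookup): not decidable here


def find_exposed_runs(source: str) -> list[tuple[int, str]]:
    """Return (line number, host) for each `<obj>.run(...)` call whose host
    literal is in ALL_INTERFACE_HOSTS."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        if not (isinstance(node.func, ast.Attribute) and node.func.attr == "run"):
            continue
        host = _literal_host(node)
        if host in ALL_INTERFACE_HOSTS:
            findings.append((node.lineno, host))
    return findings


if __name__ == "__main__":
    for name, src in (("vulnerable", VULNERABLE_SRC), ("hardened", HARDENED_SRC)):
        for lineno, host in find_exposed_runs(src):
            print(f"{name}: line {lineno}: .run() binds to {host!r} (all interfaces)")
```

The check only reports string literals; a host read from configuration or the environment is left to review, since its value cannot be known statically.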
## Impact

If the server is reachable from an untrusted network, an attacker can connect to your development server and potentially reach sensitive data or application internals. This increases the risk of unauthorized access, data leaks, and attacks against your application or the underlying system.