SYM_PY_0138 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
# Active Debug Code
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-489: Active Debug Code |
| OWASP | A05:2021 - Security Misconfiguration |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
## Description
The DEBUG setting is being hardcoded in the Flask application code instead of being managed through the FLASK_DEBUG environment variable. This can lead to accidentally running the app in debug mode in production or making it hard to control debug settings securely.
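As an added illustration (not code from the Symbiotic database or from Flask itself), the following Python scans application source for the hardcoded-DEBUG pattern this entry describes and shows the environment-driven alternative; the two sample application sources are constructed, and `debug_from_env` is an assumed mirror of how Flask reads `FLASK_DEBUG`.

```python
import ast

# Constructed sample Flask sources (not from the wiki page): the first hardcodes
# DEBUG in two ways, the second leaves it to the FLASK_DEBUG environment variable.
VULNERABLE_APP = '''
from flask import Flask
app = Flask(__name__)
app.debug = True
if __name__ == "__main__":
    app.run(debug=True)
'''
HARDENED_APP = '''
from flask import Flask
app = Flask(__name__)
app.run()  # debug mode comes only from FLASK_DEBUG=1 in the environment
'''

def find_hardcoded_debug(source):
    """Return sorted (lineno, detail) for every literal True bound to a DEBUG setting."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        # app.run(debug=True), app.config.update(DEBUG=True)
        if isinstance(node, ast.Call):
            for kw in node.keywords:
                if (kw.arg and kw.arg.lower() == "debug"
                        and isinstance(kw.value, ast.Constant) and kw.value.value is True):
                    findings.append((node.lineno, f"keyword {kw.arg}=True"))
        # app.debug = True, DEBUG = True, app.config["DEBUG"] = True
        elif isinstance(node, ast.Assign):
            if not (isinstance(node.value, ast.Constant) and node.value.value is True):
                continue
            for target in node.targets:
                if isinstance(target, ast.Attribute):
                    name = target.attr
                elif isinstance(target, ast.Name):
                    name = target.id
                elif isinstance(target, ast.Subscript) and isinstance(target.slice, ast.Constant):
                    name = str(target.slice.value)
                else:
                    continue
                if name.lower() == "debug":
                    findings.append((node.lineno, f"assignment {name} = True"))
    return sorted(findings)

def debug_from_env(environ):
    """Assumed mirror of Flask's FLASK_DEBUG rule: unset/empty, "0", "false", "no" -> off."""
    value = environ.get("FLASK_DEBUG", "")
    return bool(value and value.lower() not in {"0", "false", "no"})
```

Running `find_hardcoded_debug` over a repository's `.py` files in CI is one way to catch this pattern before it reaches production.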
## Impact
If DEBUG is enabled in production, sensitive error messages and internal information may be exposed to users or attackers, increasing the risk of information leaks and exploitation. Hardcoding also makes it harder to enforce secure configurations across environments.