SYM_PY_0140 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Active Debug Code
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-489: Active Debug Code |
| OWASP | A05:2021 - Security Misconfiguration |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The application's DEBUG setting is hardcoded in the source code instead of being configured through environment variables. This can make it easy to accidentally run the app in debug mode in production, exposing sensitive information.
Impact
If DEBUG mode is enabled in production, attackers could access detailed error messages or the interactive debugger, revealing sensitive data or internal application logic. This increases the risk of information leakage and potential exploitation.
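The pattern from the Description, as an added example that is not this page's or the rule's own implementation: a reader for the debug flag that defaults to off, alongside a small AST check that flags debug being switched on by a literal. The variable name `APP_DEBUG`, the function names and the sample source are assumptions constructed for illustration.

```python
import ast
import os

TRUTHY = {"1", "true", "yes", "on"}
FALSY = {"", "0", "false", "no", "off"}

# Constructed sample source: two hardcoded cases and one environment-driven one.
SAMPLE = '''\
import os
DEBUG = True
ALLOWED = ["example.test"]
app.run(host="127.0.0.1", debug=True)
DEBUG = os.environ.get("APP_DEBUG") == "1"
'''


def debug_from_env(environ=os.environ, var="APP_DEBUG"):
    """Read the debug flag (hypothetical APP_DEBUG variable); unset means off."""
    raw = environ.get(var, "").strip().lower()
    if raw in TRUTHY:
        return True
    if raw in FALSY:
        return False
    # Refuse to guess: a typo must not silently decide the debug state.
    raise ValueError(f"{var} has unrecognised value {raw!r}")


def _is_true(node):
    return isinstance(node, ast.Constant) and node.value is True


def find_hardcoded_debug(source):
    """Return sorted (line, reason) pairs where debug is enabled by a literal."""
    hits = []
    for node in ast.walk(ast.parse(source)):  # parsed only, never executed
        if isinstance(node, ast.Assign):
            names = [t.id for t in node.targets if isinstance(t, ast.Name)]
            if "DEBUG" in names and _is_true(node.value):
                hits.append((node.lineno, "DEBUG assigned literal True"))
        elif isinstance(node, ast.keyword) and node.arg == "debug" and _is_true(node.value):
            hits.append((node.value.lineno, "debug=True keyword argument"))
    return sorted(hits)


if __name__ == "__main__":
    print(find_hardcoded_debug(SAMPLE))
    print(debug_from_env({}))
```

The check only covers plain assignments and keyword arguments; annotated assignments and values set through other configuration mechanisms are outside what it inspects.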