
Werkzeug Interactive Debugging is Active

Severity: Medium

Description

Werkzeug is a comprehensive WSGI web application library for Python. It ships a WSGI middleware that renders detailed tracebacks, optionally with an interactive debug console that can execute Python code in any frame of the traceback. When this console is reachable on a server, an attacker can abuse it to run arbitrary commands on that server.

Recommendation

Do not use DebuggedApplication on production servers, and pass use_debugger=False to run_simple(). If you are using Flask, set FLASK_ENV to production in the environment variables.
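As an added illustration of the recommendation above (this is example code, not Werkzeug's, Flask's or SmartScanner's own), the following module decides the use_debugger value for run_simple() from the environment, failing closed, and audits a WSGI middleware chain for a DebuggedApplication layer before the app is served. FLASK_ENV and the run_simple() parameters use_debugger and use_reloader are real; the opt-in variable APP_ALLOW_DEBUGGER is a hypothetical name introduced here, and the stand-in classes in build_demo_stacks() are constructed so the checker can be exercised without Werkzeug installed.

```python
"""Guarding against the Werkzeug interactive debugger in production.

Added example (not Werkzeug's, Flask's or SmartScanner's own code).
Assumes FLASK_ENV as the deployment's environment switch and introduces a
hypothetical opt-in variable, APP_ALLOW_DEBUGGER, so the console is never
enabled by default.
"""
import os
from typing import Any, Mapping, Optional

TRUE_VALUES = ("1", "true", "yes", "on")


def debugger_allowed(env: Mapping[str, str]) -> bool:
    """Decide whether run_simple() may be given use_debugger=True.

    Fails closed: FLASK_ENV defaults to production, and even a
    non-production FLASK_ENV still needs the explicit (hypothetical)
    APP_ALLOW_DEBUGGER opt-in.
    """
    flask_env = env.get("FLASK_ENV", "production").strip().lower()
    if flask_env == "production":
        return False
    return env.get("APP_ALLOW_DEBUGGER", "").strip().lower() in TRUE_VALUES


def find_debugger_middleware(app: Any, max_depth: int = 16) -> bool:
    """Walk a WSGI middleware chain and report whether any layer is a
    DebuggedApplication (matched by class name so this runs without Werkzeug).

    Werkzeug's DebuggedApplication keeps the wrapped app in `.app`; a Flask
    instance keeps its middleware chain in `.wsgi_app`; both are followed.
    max_depth bounds the walk so a cyclic chain cannot loop forever.
    """
    obj = app
    depth = 0
    while obj is not None and depth < max_depth:
        if type(obj).__name__ == "DebuggedApplication":
            return True
        obj = getattr(obj, "wsgi_app", None) or getattr(obj, "app", None)
        depth += 1
    return False


def serve(app: Any, host: str = "127.0.0.1", port: int = 5000,
          env: Optional[Mapping[str, str]] = None) -> None:
    """run_simple() wrapper that only enables the debugger when
    debugger_allowed() says so. Requires Werkzeug at call time."""
    from werkzeug.serving import run_simple  # lazy import: only needed to serve
    allow = debugger_allowed(os.environ if env is None else env)
    # The weak setting is an unconditional use_debugger=True; here the flag is
    # derived from the environment and defaults to False.
    run_simple(host, port, app, use_debugger=allow, use_reloader=allow)


def build_demo_stacks():
    """Constructed stand-ins (not Werkzeug classes) so the checker can be
    exercised offline: one chain wrapped in a class named
    DebuggedApplication, and one clean chain."""
    class DebuggedApplication:  # name mimics werkzeug.debug.DebuggedApplication
        def __init__(self, app):
            self.app = app

    class FakeFlask:  # mimics a Flask instance's .wsgi_app attribute
        def __init__(self, wsgi_app):
            self.wsgi_app = wsgi_app

    def plain_app(environ, start_response):
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"ok"]

    return FakeFlask(DebuggedApplication(plain_app)), FakeFlask(plain_app)


if __name__ == "__main__":
    wrapped, clean = build_demo_stacks()
    print("wrapped stack has debugger:", find_debugger_middleware(wrapped))
    print("clean stack has debugger:", find_debugger_middleware(clean))
    print("debugger allowed in this environment:", debugger_allowed(os.environ))
```

find_debugger_middleware() is the check to run in a deployment's startup path (or a pre-release test) right before serving: a True result means a DebuggedApplication is in the chain and the process should refuse to start. Newer Flask releases switched from FLASK_ENV to FLASK_DEBUG; the decision function above treats anything other than an explicit non-production FLASK_ENV plus the opt-in as "debugger off", so it stays safe either way.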

References

Related Issues

Tags:
Flask
PHP
ASP.NET
Django
Information Disclosure
Denial of Service
Error Handling
WASC-13
CWE-1295
CWE-209
CWE-200
OWASP 2021-A5
OWASP 2017-A6
OWASP 2013-A5
CAPEC-118
Last updated on May 13, 2024