Werkzeug Interactive Debugging is Active
Werkzeug is a comprehensive WSGI web application library for the Python language. Werkzeug provides a WSGI middleware that renders nice tracebacks, optionally with an interactive debug console to execute code in any frame. This console functionality can be abused by attackers to run commands on the server.
Do not use the DebuggedApplication on production servers, and make sure to pass False as the use_debugger value in the run_simple() function call.
If you’re using Flask, set the environment to production in the environment variables.
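The following is an added example, not code from the page or from Werkzeug itself, showing one way to keep use_debugger off in production: a deployment helper that derives the run_simple() options from an assumed APP_ENV variable (defaulting to production) and a startup guard that refuses to serve a DebuggedApplication when the environment is production.

```python
import os
from typing import Callable, Mapping, Optional

# A WSGI callable: (environ, start_response) -> iterable of bytes
WSGIApp = Callable


def is_production(env: Optional[Mapping[str, str]] = None) -> bool:
    """Decide the deployment mode from the environment.

    APP_ENV is an assumed, hypothetical variable name. The default is
    production so that a missing variable never silently enables the debugger.
    """
    env = os.environ if env is None else env
    return env.get("APP_ENV", "production").strip().lower() == "production"


def server_options(env: Optional[Mapping[str, str]] = None) -> dict:
    """Keyword arguments for werkzeug.serving.run_simple().

    use_debugger=True makes run_simple wrap the app in DebuggedApplication;
    use_evalex=True additionally enables the in-browser console, which is the
    part that allows code execution in any traceback frame.
    """
    dev = not is_production(env)
    return {"use_debugger": dev, "use_evalex": dev, "use_reloader": dev}


def assert_no_debugger(app: WSGIApp, env: Optional[Mapping[str, str]] = None) -> WSGIApp:
    """Startup guard: refuse to serve a DebuggedApplication in production.

    The werkzeug import is deferred so the helper works even where the
    library is absent (e.g. in a config linter); in that case nothing can be
    a DebuggedApplication and the app is returned unchanged.
    """
    if is_production(env):
        try:
            from werkzeug.debug import DebuggedApplication
        except ImportError:
            return app
        if isinstance(app, DebuggedApplication):
            raise RuntimeError("Werkzeug interactive debugger is enabled in production")
    return app


if __name__ == "__main__":
    from werkzeug.serving import run_simple

    def app(environ, start_response):  # constructed minimal WSGI app
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"ok\n"]

    run_simple("127.0.0.1", 5000, assert_no_debugger(app), **server_options())
```

With APP_ENV unset or set to production, the server starts with use_debugger=False and use_evalex=False; any other value enables the debugger for local development only.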
- OWASP: Error Handling Cheat Sheet
- OWASP 2007-A6
- OWASP 2021-A1
- OWASP 2021-A4