Active Debug Code
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-489: Active Debug Code |
| OWASP | A06:2017 - Security Misconfiguration |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Setting FLASK_ENV to ‘development’ automatically enables Flask’s debug mode, which exposes sensitive debugging information and can make the app vulnerable. This setting should not be used in production or shared environments.
Impact
If debug mode is enabled in a deployed application, attackers could access detailed error messages, view code, or even execute arbitrary code on the server, leading to data leaks or system compromise.
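
A check a deployment pipeline could run for the setting described above, as an added example that is not part of the original rule page: it scans configuration text (Dockerfile, .env, compose YAML, Python) for FLASK_ENV set to development. It goes beyond the page by also flagging FLASK_DEBUG when its value is not 0, false or no; the function name `find_debug_settings` and the sample lines are constructed for illustration.

```python
import re

# Matches NAME followed by a separator and a value, covering the forms
# KEY=value, KEY: value, Dockerfile "ENV KEY value", os.environ["KEY"] = "value"
# and setdefault("KEY", "value").
_ASSIGN = re.compile(
    r"""\b(FLASK_ENV|FLASK_DEBUG)\b   # variable name
        ["'\]\)]*                     # closing quote/bracket when used as a key
        \s*(?:=|:|,|\s)\s*            # separator
        ["']?([A-Za-z0-9_]+)          # value, optional opening quote dropped
    """,
    re.VERBOSE,
)
_DEBUG_OFF = {"0", "false", "no"}  # FLASK_DEBUG values that leave debug mode off


def find_debug_settings(text):
    """Return (line_number, variable, value) for each setting that enables debug mode."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith(("#", "//")):  # ignore commented-out settings
            continue
        for name, value in _ASSIGN.findall(stripped):
            value = value.lower()
            if name == "FLASK_ENV" and value == "development":
                findings.append((lineno, name, value))
            elif name == "FLASK_DEBUG" and value not in _DEBUG_OFF:
                findings.append((lineno, name, value))
    return findings


# Constructed sample: lines as they might appear across deployment files.
SAMPLE = """\
# constructed sample: Dockerfile, .env, compose YAML and Python lines
ENV FLASK_ENV=development
ENV FLASK_ENV production
# FLASK_ENV=development (commented out)
export FLASK_ENV="development"
      FLASK_ENV: development
os.environ["FLASK_ENV"] = "development"
FLASK_DEBUG=0
FLASK_DEBUG=true
"""

if __name__ == "__main__":
    for lineno, name, value in find_debug_settings(SAMPLE):
        print(f"line {lineno}: {name}={value} enables debug mode")
```

Run against files that ship to production or shared environments, a non-empty result is a reason to fail the build.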