Active Debug Code
| Property | Value |
|---|---|
| Language | generic |
| Severity | |
| CWE | CWE-489: Active Debug Code |
| OWASP | A05:2021 - Security Misconfiguration |
| Confidence Level | Medium |
| Impact Level | Low |
| Likelihood Level | Low |
Description
Enabling debug options like ‘-Vdebug’ or ‘-Ydebug’ in Scala production builds exposes detailed internal information that should remain private. This can unintentionally reveal sensitive implementation details to anyone accessing the deployed application.
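A build-file check for the flags named above, as an added example (not part of the original rule or its scanner). It assumes an sbt-style build file in which compiler options appear as quoted strings; the sample build.sbt content and the function names are constructed for illustration, and only `//` line comments are handled.

```python
import re

# Flags named in this rule; matched only as complete quoted tokens.
DEBUG_FLAGS = ("-Vdebug", "-Ydebug")
_TOKEN = re.compile('"(' + "|".join(re.escape(f) for f in DEBUG_FLAGS) + ')"')

# Constructed sample build.sbt (not taken from a real project).
SAMPLE_BUILD_SBT = '''\
name := "orders-service"
scalacOptions ++= Seq("-deprecation", "-Vdebug")
// scalacOptions += "-Ydebug"   (commented out, must not be reported)
scalacOptions += "-Ydebug-pos"  // hypothetical longer name, not a match
Compile / scalacOptions += "-Ydebug"
'''

def strip_line_comment(line):
    """Drop a trailing // comment, ignoring // inside string literals."""
    in_string = False
    i = 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and in_string:
            i += 2  # skip the escaped character inside a string
            continue
        if ch == '"':
            in_string = not in_string
        elif not in_string and line.startswith("//", i):
            return line[:i]
        i += 1
    return line

def find_debug_flags(build_text):
    """Return (line_number, flag) for each active debug flag in the text."""
    findings = []
    for lineno, raw in enumerate(build_text.splitlines(), start=1):
        for match in _TOKEN.finditer(strip_line_comment(raw)):
            findings.append((lineno, match.group(1)))
    return findings

if __name__ == "__main__":
    for lineno, flag in find_debug_flags(SAMPLE_BUILD_SBT):
        print(f"build.sbt:{lineno}: debug compiler flag {flag} is enabled")
```

Run as a CI step against the production build definition, a non-empty result can fail the pipeline before the artifact is published.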
Impact
If left enabled, attackers could gain insights into the application’s internal logic, configurations, or stack traces, making it easier to exploit vulnerabilities. It can also degrade performance and reliability, potentially leading to service disruptions or data leaks.