Active Debug Code
| Property | Value |
|---|---|
| Language | regex |
| Severity | |
| CWE | CWE-489: Active Debug Code |
| OWASP | A06:2017 - Security Misconfiguration |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The Django `{% debug %}` template tag outputs sensitive debugging information directly to the page when debug mode is enabled. Leaving this tag in your templates can unintentionally expose internal variables and environment details to users.
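One way to locate the tag in template source before it ships, as an added example (not this rule's actual pattern): the names `find_debug_tags` and `SAMPLE` and the template text are constructed for illustration. It goes beyond a plain regex match by skipping tags inside template comments and `{% verbatim %}` blocks, where Django does not execute them.

```python
import re

# The tag with any amount of inner whitespace: {% debug %}, {%debug%}.
DEBUG_TAG = re.compile(r"\{%\s*debug\s*%\}")

# Regions where the tag is inert (approximation of Django's lexer):
# {# ... #} single-line comments, {% comment %} blocks, {% verbatim %} blocks.
INERT = re.compile(
    r"\{#[^\n]*?#\}"
    r"|\{%\s*comment\b[^%]*%\}.*?\{%\s*endcomment\s*%\}"
    r"|\{%\s*verbatim\b[^%]*%\}.*?\{%\s*endverbatim\b[^%]*%\}",
    re.DOTALL,
)


def find_debug_tags(source):
    """Return 1-based line numbers of active {% debug %} tags in a template."""

    def blank(match):
        # Replace inert text with spaces but keep newlines so that
        # reported line numbers still match the original file.
        return re.sub(r"[^\n]", " ", match.group(0))

    live = INERT.sub(blank, source)
    return [live.count("\n", 0, m.start()) + 1 for m in DEBUG_TAG.finditer(live)]


# Constructed sample template: only lines 7 and 8 contain a live tag.
SAMPLE = """<html>
{# {% debug %} left as a note #}
{% comment %}
{% debug %}
{% endcomment %}
<body>{{ user.name }}
{%debug%}
<pre>{% debug %}</pre>
{% verbatim %}{% debug %}{% endverbatim %}
</body></html>
"""

if __name__ == "__main__":
    for line_no in find_debug_tags(SAMPLE):
        print(f"active debug tag on line {line_no}")
```

Running this over every template directory in CI and failing the build on a non-empty result keeps the tag out of deployed templates.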
Impact
If this vulnerability is exploited, attackers could gain insight into your application’s internal state, including context variables and configuration details. This information can be leveraged to find further weaknesses, aiding in attacks such as privilege escalation or information disclosure.