Active Debug Code
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-489: Active Debug Code |
| OWASP | A05:2021 - Security Misconfiguration |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
Enabling the APP_DEBUG setting in Laravel exposes detailed error messages and sensitive configuration details. This should never be set to ’true’ in production environments, as it can reveal information useful to attackers.
Impact#
If exploited, attackers could view stack traces, environment variables, and other confidential data, potentially leading to further attacks such as credential theft or server compromise. This can severely undermine the security and integrity of the application.