Active Debug Code
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-489: Active Debug Code |
| OWASP | A06:2017 - Security Misconfiguration |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | High |
Description
The Flask application is running with debug mode enabled (`debug=True`). This exposes sensitive error messages and internal application details that should not be visible in production environments.
Impact
If exploited, attackers can access detailed debug information, including stack traces and environment variables, which may reveal secrets or allow code execution. This can lead to data breaches, compromise of the server, or further attacks against your application and infrastructure.