Exposure of Resource to Wrong Sphere
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-668: Exposure of Resource to Wrong Sphere |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | High |
Description
Running a Flask app with host set to ‘0.0.0.0’ binds the server to every network interface, so it is reachable from any network the machine is connected to, not just from your local machine. This can unintentionally expose your application to the public internet.
Impact
If exploited, attackers could access your development server, potentially exposing sensitive data or application internals. This increases the risk of unauthorized access, data leaks, and attacks against your application or underlying system.
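
A static check for the pattern described above, added here as an example (it is not part of the original rule or of Flask): it parses Python source with the standard `ast` module and reports `.run(...)` calls whose host is a wildcard literal. The function name `find_wildcard_binds`, the sample source, and the inclusion of the IPv6 wildcard `::` alongside `0.0.0.0` are assumptions of this example.

```python
import ast

# Constructed sample input: one wildcard bind, one loopback bind.
SAMPLE = '''
from flask import Flask
app = Flask(__name__)

if __name__ == "__main__":
    app.run(host="0.0.0.0", port=5000)   # flagged: binds every interface
    app.run(host="127.0.0.1", port=5000) # ok: loopback only
'''

# Assumption: "::" (IPv6 wildcard) is treated the same as "0.0.0.0".
WILDCARD_HOSTS = {"0.0.0.0", "::"}


def find_wildcard_binds(source):
    """Return (line, host) for each .run(...) call whose host is a wildcard literal.

    Matches any method named run, so results on non-Flask objects need review.
    """
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        if node.func.attr != "run":
            continue
        # host may be passed by keyword or as the first positional argument
        candidates = [kw.value for kw in node.keywords if kw.arg == "host"]
        candidates += node.args[:1]
        for value in candidates:
            if isinstance(value, ast.Constant) and value.value in WILDCARD_HOSTS:
                findings.append((node.lineno, value.value))
    return findings


if __name__ == "__main__":
    for line, host in find_wildcard_binds(SAMPLE):
        print(f"line {line}: run() binds to {host}; use 127.0.0.1 for local development")
```

Only literal hosts are detected; a host read from a variable or environment setting is not resolved by this check.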