Summary

Acunetix 360 detected that the development mode is enabled in the Express.

Impact

By default, Express applications run in development mode. In development mode, Express returns more verbose errors which can result in information leakage. This also provides an attacker with information about the host system. It's recommended to configure Node.js to run in production mode.

Actions To Take

You can signal Node.js that you are running in production by setting the NODE_ENV environment variable like below:

NODE_ENV=production

Severity

Medium

Classification

CWE-200 ISO27001-A.9.4.1 WASC-14 OWASP 2013-A5 OWASP 2017-A6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N