Summary

Acunetix 360 detected that the Whoops is enabled and configured to show verbose error messages.

This vulnerability can cause highly sensitive data leaks.

Impact

The Whoops Error Handler Framework shows verbose error messages in a convenient format. These error messages may contain:

  • Stack Traces
  • Internal Source Code
  • Environment Variables
  • Physical path of the requested file

Some of this data can be highly sensitive and should not be displayed outside of a debugging context.

Severity

Information

Classification

CWE-205 ISO27001-A.14.2.5 or A.18.1.3 WASC-13 OWASP 2017-A6