Description

By default, Express applications run in development mode. In development mode, Express returns more verbose errors which can result in information leakage. This also provides an attacker with information about the host system. It's recommended to configure Node.js to run in production mode.

Remediation

You can signal Node.js that you are running in production by setting the NODE_ENV=production environment variable.

References

Production Best Practices: Security

Related Vulnerabilities

ASP.NET WCF service include exception details

WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.36)

nginx SPDY heap buffer overflow

WordPress Plugin WooCommerce Email Test Information Disclosure (1.5)

XML external entity injection and XML injection

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure