Description

This Flask web application is running in Debug Mode. Even though the interactive debugger does not work in forking environments (which makes it nearly impossible to use on production servers), it still allows the execution of arbitrary code. This makes it a major security risk and therefore it must never be used on production machines.

Remediation

Debug Mode must never be used on production machines. Disable Debug Mode before deploying the application.

References

Flask Debug Mode

Related Vulnerabilities

PHP version older than 5.2.1

VMware Aria Operations for Networks RCE (CVE-2023-20887)

ColdFusion FlashGateway Deserialization RCE CVE-2019-7091

WordPress Plugin Include Me Remote Code Execution (1.2.1)

Joomla! JomSocial remote code execution

Severity

High

Classification

CWE-489 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Code Execution