Go is an open source programming language. Go contains a package pprof that serves via its HTTP server runtime profiling data in the format expected by the pprof visualization tool.

When the pprof package is imported the Go application will publish runtime profiling data at /debug/pprof/.

This web application is using the pprof package and the /debug/pprof/ endpoints are publicly accessible.


It's recommended to restrict access to the /debug/pprof/ endpoints or don't use the pprof package on production applications.


Related Vulnerabilities