Description

Your Laravel web application is configured to run in debug mode. When your application is in debug mode, detailed error messages with stack traces will be shown on every error that occurs within your application. If disabled, a simple generic error page is shown. It's recommended to disable Laravel debug mode.

The debug option in your config/app.php configuration file determines how much information about an error is actually displayed to the user. By default, this option is set to respect the value of the APP_DEBUG environment variable, which is stored in your .env file.

Remediation

To disable Laravel debug mode set the APP_DEBUG environment variable value to false in the .env environment configuration file. 

# .env
APP_DEBUG=false

References

Debug Mode

Related Vulnerabilities

Hadoop YARN ResourceManager publicly accessible

ASP.NET cookies accessible from client-side scripts

Insecure Transportation Security Protocol Supported (TLS 1.1)

Spring Boot Actuator v2

Redis Unauthorized Access Vulnerability

Severity

Medium

Classification

CWE-16 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration