Description

Your Symfony web application is configured to run with debug mode enabled.

A Symfony application can be run with debug mode set to true or false (respectively 1 or 0 for the APP_DEBUG variable defined in .env). This affects many things in the application, such as displaying stacktraces on error pages or if cache files are dynamically rebuilt on each request.

When running in production it's recommended to disable the debug mode.

Remediation

To disable debug mode set the APP_DEBUG environment variable value to 0 in the .env environment configuration file. 

# .env or .env.local
APP_DEBUG=0

References

How to Master and Create new Environments

Related Vulnerabilities

W3 total cache debug mode

RoR Database Configuration File Detected

WebDAV directory listing

WordPress Plugin Pike Firewall Information Disclosure (1.4)

Subresource Integrity (SRI) Not Implemented

Severity

Medium

Classification

CWE-16 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure Error Handling