Description

The web application uses Whoops component to show information about errors. Such errors may disclosure of sensitive information about the web application.

Remediation

Don't show details of errors to users

References

whoops

Related Vulnerabilities

ZenCart Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2009-4322)

rack-mini-profiler environment variables disclosure

WordPress Plugin Easy Contact Forms Export 'file' Parameter Information Disclosure (1.1.0)

WordPress Plugin Download Shortcode Arbitrary File Disclosure (0.1)

WordPress Plugin WP PHP widget Information Disclosure (1.0.2)

Severity

Low

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Tags

Information Disclosure