Description

The web application uses Whoops component to show information about errors. Such errors may disclosure of sensitive information about the web application.

Remediation

Don't show details of errors to users

References

whoops

Related Vulnerabilities

Arbitrary File Read on Nuxt.js Development Server

Unrestricted access to Caddy API interface

WordPress Plugin Count per Day Information Disclosure (3.2.5)

Jetty ConcatServlet Information Disclosure (CVE-2021-28169)

Joomla! Core 3.x.x Information Disclosure (3.6.0 - 3.9.12)

Severity

Low

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Tags

Information Disclosure