Arbitrary Source Code Disclosure
Impact: High
Description
Arbitrary Source Code Disclosure is a vulnerability that makes it possible to read the source code of any file in a web application, potentially revealing sensitive information such as credentials, API keys, or proprietary algorithms. It can result from misconfigurations or vulnerabilities in the web server or the application.
Recommendation
To mitigate Arbitrary Source Code Disclosure, avoid passing user-submitted input to filesystem APIs. If that is not possible, check the input against a white list of acceptable inputs and reject everything else.
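The recommendation above as an added example, not code from the original page: a file read driven directly by a request parameter, next to a white-listed version. The web root, file names, secret value and function names are constructed for illustration.

```python
import tempfile
from pathlib import Path
from typing import Optional

# Constructed sample web root: two public pages and one source file with a secret.
WEB_ROOT = Path(tempfile.mkdtemp(prefix="webroot_"))
(WEB_ROOT / "help.html").write_text("<h1>Help</h1>")
(WEB_ROOT / "terms.html").write_text("<h1>Terms</h1>")
(WEB_ROOT / "config.php").write_text("<?php $db_password = 'constructed-secret'; ?>")


def read_page_unsafe(name: str) -> str:
    """Weak form: the request parameter goes straight into a filesystem call,
    so any readable file, including application source, can be returned."""
    return (WEB_ROOT / name).read_text()


# White list: accepted request value -> file chosen by the developer.
ALLOWED_PAGES = {
    "help": WEB_ROOT / "help.html",
    "terms": WEB_ROOT / "terms.html",
}


def read_page_safe(name: object) -> Optional[str]:
    """Hardened form: the parameter is only used as a dictionary key, so the
    path that reaches the filesystem API is never built from user input."""
    if not isinstance(name, str):
        return None  # repeated or malformed parameters are rejected
    path = ALLOWED_PAGES.get(name)
    if path is None:
        return None  # not on the white list: the caller should answer 404
    return path.read_text()


if __name__ == "__main__":
    # The weak handler returns the source file, secret included.
    print("unsafe:", read_page_unsafe("config.php"))
    # The hardened handler serves only listed pages and rejects the rest.
    for value in ("help", "config.php", "../config.php", "help.html"):
        print("safe:", repr(value), "->", read_page_safe(value))
```

Returning the same "not found" response for every rejected value avoids confirming which files exist on the server.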
Last updated on May 13, 2024