Description
Arbitrary Source Code Disclosure is a vulnerability that occurs when it’s possible to access the source code of any file on a web application, potentially revealing sensitive information such as credentials, API keys, or proprietary algorithms. This can occur due to misconfigurations or vulnerabilities in the web server or application.
Recommendation
To mitigate Arbitrary Source Code Disclosure, avoid passing user-submitted input to filesystem APIs. If that is not possible, validate the input against a whitelist of acceptable values before it reaches the filesystem.
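
The whitelist approach recommended above, shown beside the weak form it replaces. This is an added example, not code from the original page; the function names, file names and sample directory are constructed for illustration.

```python
import os
import tempfile

def make_sample_root():
    """Constructed sample web root: one public document, one source file with a secret."""
    root = tempfile.mkdtemp(prefix="webroot_")
    with open(os.path.join(root, "help.txt"), "w") as f:
        f.write("How to use the site\n")
    with open(os.path.join(root, "config.py"), "w") as f:
        f.write('API_KEY = "constructed-placeholder"\n')
    return root

def view_file_unsafe(root, name):
    """Weak form: the request parameter goes straight to a filesystem API."""
    with open(os.path.join(root, name)) as f:
        return f.read()

# Whitelist: accepted request value -> fixed file name chosen by the developer.
ALLOWED_DOCS = {"help": "help.txt"}

def view_file_safe(root, doc_id):
    """Hardened form: the input only selects a key; it never becomes part of a path."""
    filename = ALLOWED_DOCS.get(doc_id)
    if filename is None:
        raise PermissionError(f"document {doc_id!r} is not on the whitelist")
    with open(os.path.join(root, filename)) as f:
        return f.read()

def demo():
    root = make_sample_root()
    leaked = view_file_unsafe(root, "config.py")  # source code is disclosed
    served = view_file_safe(root, "help")         # permitted document is served
    try:
        view_file_safe(root, "config.py")         # same request, hardened handler
        blocked = False
    except PermissionError:
        blocked = True
    return leaked, served, blocked

if __name__ == "__main__":
    print(demo())
```

Because the hardened handler looks the request value up in a fixed mapping, any value outside the mapping is rejected before a filesystem call is made.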