Description
Arbitrary Source Code Disclosure is a vulnerability that occurs when it’s possible to access the source code of any file on a web application, potentially revealing sensitive information such as credentials, API keys, or proprietary algorithms. This can occur due to misconfigurations or vulnerabilities in the web server or application.
Recommendation
To mitigate Arbitrary Source Code Disclosure, avoid passing user-submitted input to filesystem APIs. If that is not possible, restrict the input to a whitelist of acceptable values.
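The recommendation above as an added example (not code from the original page): a file-serving handler that passes the request parameter to the filesystem, next to a version that treats the parameter as a key into a whitelist. The function names, the `page` parameter and the demo files are assumptions constructed for illustration.

```python
import os
import tempfile

# Constructed demo tree: one public page, and one source file holding a secret
# that lives outside the public directory.
ROOT = tempfile.mkdtemp()
PUBLIC = os.path.join(ROOT, "public")
os.makedirs(PUBLIC)
with open(os.path.join(PUBLIC, "help.html"), "w") as f:
    f.write("<h1>Help</h1>")
with open(os.path.join(ROOT, "config.py"), "w") as f:
    f.write("API_KEY = 'constructed-secret'")


def read_page_vulnerable(page):
    """Before: the request parameter goes straight into a filesystem API."""
    with open(os.path.join(PUBLIC, page)) as f:
        return f.read()


# Whitelist: the only values the parameter may take, each mapped to a fixed
# file chosen by the developer. User input is a lookup key, never a path.
ALLOWED_PAGES = {"help": "help.html"}


def read_page_allowlisted(page):
    """After: unknown keys are rejected before any filesystem call is made."""
    filename = ALLOWED_PAGES.get(page)
    if filename is None:
        raise ValueError("unknown page")
    with open(os.path.join(PUBLIC, filename)) as f:
        return f.read()


def is_rejected(page):
    """True when the whitelisted handler refuses the given parameter value."""
    try:
        read_page_allowlisted(page)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    sample = "../config.py"  # constructed request value
    print("vulnerable handler returns:", read_page_vulnerable(sample))
    print("whitelisted handler rejects it:", is_rejected(sample))
```

Because the whitelisted handler never builds a path from the input, it needs no path normalisation or extension filtering to stay safe; anything not in the mapping fails the lookup.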
Related Issues
- Source Code Disclosure - Vulnerability
- Unreferenced Source Code Disclosure - Vulnerability
- Apache Version Disclosure - Vulnerability
- ASP.NET Version Disclosure - Vulnerability
Tags
- Information Disclosure
- Access Control
Last updated on May 13, 2024