Description
Werkzeug is a comprehensive WSGI web application library for the Python language. Werkzeug provides a WSGI middleware that renders nice tracebacks, optionally with an interactive debug console to execute code in any frame. This console functionality can be abused by attackers to run commands on the server.
Test for Werkzeug Interactive Debugging Vulnerability with SmartScanner
Donwload FREE!Recommendation
Do not use the DebuggedApplication on the production servers. And, make sure to pass False as the use_debugger value in the run_simple() function call. If you’re using Flask, set the FLASK_ENV to production in the environment variables.
References
Related Issues
- Detailed Application and Database Error - Vulnerability
- Detailed Application Error - Vulnerability
- Application and Database Error - Vulnerability
- Application Error - Vulnerability
- Tags:
- Information Disclosure
- Error Handling
- Flask
- Python
Anything's wrong? Let us know Last updated on May 13, 2024