Description
This Flask web application is running in Debug Mode. Although the interactive debugger does not work in forking environments (which makes it nearly impossible to use on production servers), the debugger still allows the execution of arbitrary code. This makes Debug Mode a major security risk, and it must never be used on production machines.
Remediation
Debug Mode must never be used on production machines. Disable Debug Mode before deploying the application.