Description
Go is an open source programming language. Go includes a pprof package that serves runtime profiling data over the application's HTTP server, in the format expected by the pprof visualization tool.
When the pprof package is imported, the Go application publishes runtime profiling data at /debug/pprof/.
This web application is using the pprof package and the /debug/pprof/ endpoints are publicly accessible.
Remediation
It's recommended to restrict access to the /debug/pprof/ endpoints, or to not use the pprof package in production applications.
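One way to restrict access, shown as an added example that is not part of the original advisory: the public server uses its own mux, so the handlers that net/http/pprof registers on http.DefaultServeMux at import time are not reachable through it, and the profiling handlers are mounted only on a loopback listener. The ports, the /healthz route and the function names are assumptions made for illustration.

```go
package main

import (
	"log"
	"net/http"
	"net/http/pprof" // importing this package also registers its handlers on http.DefaultServeMux
)

// publicMux holds only application routes. Because it is a dedicated mux and
// not http.DefaultServeMux, the handlers pprof registers at import time are
// unreachable through it. The /healthz route is a placeholder application route.
func publicMux() *http.ServeMux {
	mux := http.NewServeMux()
	mux.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) {
		w.Write([]byte("ok\n"))
	})
	return mux
}

// adminMux mounts the profiling handlers explicitly for the internal listener.
func adminMux() *http.ServeMux {
	mux := http.NewServeMux()
	mux.HandleFunc("/debug/pprof/", pprof.Index)
	mux.HandleFunc("/debug/pprof/cmdline", pprof.Cmdline)
	mux.HandleFunc("/debug/pprof/profile", pprof.Profile)
	mux.HandleFunc("/debug/pprof/symbol", pprof.Symbol)
	mux.HandleFunc("/debug/pprof/trace", pprof.Trace)
	return mux
}

func main() {
	// Profiling: loopback only (assumed address and port), reached through an
	// SSH tunnel or port-forward instead of the public interface.
	go func() {
		log.Fatal(http.ListenAndServe("127.0.0.1:6060", adminMux()))
	}()
	// Public traffic (assumed port). Passing a nil handler here would fall back
	// to http.DefaultServeMux and publish /debug/pprof/ again.
	log.Fatal(http.ListenAndServe(":8080", publicMux()))
}
```

A request for /debug/pprof/ on the public listener should return 404; checking that from outside the host is a quick way to confirm the fix after deployment.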