Description

Go is an open source programming language. Go contains a package pprof that serves via its HTTP server runtime profiling data in the format expected by the pprof visualization tool.

When the pprof package is imported the Go application will publish runtime profiling data at /debug/pprof/.

This web application is using the pprof package and the /debug/pprof/ endpoints are publicly accessible.

Remediation

It's recommended to restrict access to the /debug/pprof/ endpoints or don't use the pprof package on production applications.

References

Package pprof

Related Vulnerabilities

WordPress Plugin Shopping Cart & eCommerce Store Information Disclosure (2.0.5)

WordPress Plugin WP-DBManager 'wp-config.php' Arbitrary File Download (2.60)

RoR Development Mode enabled

WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Multiple Vulnerabilities (3.7.0)

WordPress Plugin Advanced Contact form 7 DB Information Disclosure (1.1.0)

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure