Description

The Nuxt.js application is running in development mode on your production server. In the development mode, Nuxt.js includes detailed error messages, stack traces, and other debug information that can help attackers understand the inner workings of your application and design attacks more effectively.

In order to minimize the security risk, you should ensure that your Nuxt.js application is running in production mode when deployed to a live environment.

Remediation

Ensure that your Nuxt.js application is running in production mode when deployed to a live environment. This can be achieved by setting the NODE_ENV environment variable to production in your deployment scripts, or by programmatically setting the dev property to false in your Nuxt configuration file in the production environment.

References

The dev property

Related Vulnerabilities

Apache mod_negotiation filename bruteforcing

WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.21)

WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.25)

WordPress Plugin WP PHP widget Information Disclosure (1.0.2)

WordPress Plugin WP CSS 'wp-css-compress.php' Local File Disclosure (2.0.5)

Severity

Low

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure