Description
The Ruby on Rails application is running in development mode, which is insecure and leaks sensitive information about the application's internals. When an application is generated, Rails creates three environments: development, production, and test. Development mode enables extra debugging behaviors that are useful to developers and attackers alike. An attacker can obtain information such as the middleware and the application root, which may help in learning more about the target system and in focusing further attacks against it.
Remediation
Configure the Rails application to run in production mode by starting it with the following command: rails server -e production
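To confirm the remediation has reached every place the server is started, the following added example (not part of the original advisory or of Rails itself) audits launch lines such as Procfile entries and reports any that would not boot in production. It assumes a simplified precedence of the -e/--environment flag, then RAILS_ENV, then RACK_ENV, then the development default; the function names and sample lines are constructed for illustration.

```ruby
require "shellwords"

# Simplified model of how `rails server` picks its environment (assumption):
# -e/--environment flag, then RAILS_ENV, then RACK_ENV, else "development".
def effective_rails_env(command_line, process_env = {})
  env = process_env.dup
  # Drop a Procfile-style "web:" process-type prefix if present.
  words = Shellwords.split(command_line.sub(/\A\w+:\s+/, ""))
  # Leading VAR=value words are inline environment assignments.
  while words.first&.match?(/\A[A-Za-z_][A-Za-z0-9_]*=/)
    key, value = words.shift.split("=", 2)
    env[key] = value
  end
  flag = nil
  words.each_with_index do |word, i|
    case word
    when "-e", "--environment" then flag = words[i + 1]
    when /\A--environment=(.+)\z/ then flag = Regexp.last_match(1)
    end
  end
  [flag, env["RAILS_ENV"], env["RACK_ENV"]].find { |v| v && !v.empty? } || "development"
end

# Return every `rails server` launch line that would not boot in production.
def audit_launch_lines(lines, process_env = {})
  lines.each_with_object([]) do |line, findings|
    next unless line.match?(/\brails\s+(server|s)\b/)
    mode = effective_rails_env(line, process_env)
    findings << { line: line, env: mode } unless mode == "production"
  end
end

# Constructed sample Procfile entries, not taken from any real deployment.
SAMPLE_LINES = [
  "web: bundle exec rails server -p 3000",
  "web: bundle exec rails server -e production -p 3000",
  "web: RAILS_ENV=production bundle exec rails s",
  "web: RAILS_ENV=production bundle exec rails server -e development",
  "worker: bundle exec sidekiq"
].freeze

audit_launch_lines(SAMPLE_LINES).each do |finding|
  puts "NOT PRODUCTION (#{finding[:env]}): #{finding[:line]}"
end
```

A launch line with no flag and no environment variable is reported because the server then starts in development mode by default.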