Description

The Ruby on Rails application is running in development mode, which is insecure and leaks a lot of sensitive information about the application's internals. When an application is generated, Rails creates three environments: development, production, and test. Development mode enables extra debugging behaviors that are useful to developers and attackers alike. An attacker can obtain details such as the Middleware list and the Application root, which help in learning more about the target system and in focusing further attacks against it.

Remediation

Configure the Rails application to run in production mode using the following command: rails server -e production.
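
A pre-deploy check for this finding, as an added example that is not part of the original advisory or of Rails itself. It relies on two Rails behaviors: the environment is taken from RAILS_ENV, then RACK_ENV, and falls back to "development" when both are blank, and config.consider_all_requests_local = true makes any environment render full debug error reports. The helper names and the sample inputs are constructed for illustration.

```ruby
# Added example (not Rails' own code): audit for development-mode exposure.

# Mirrors how Rails picks its environment: RAILS_ENV, then RACK_ENV, and
# "development" when both are unset or blank.
def effective_rails_env(env)
  %w[RAILS_ENV RACK_ENV].each do |key|
    value = env[key].to_s
    return value unless value.strip.empty?
  end
  "development"
end

# True when an environment file turns on full debug error reports.
# Commented-out lines are ignored.
def debug_error_pages_enabled?(config_text)
  config_text.each_line.any? do |line|
    code = line.sub(/#.*/, "")
    code.match?(/config\.consider_all_requests_local\s*=\s*true\b/)
  end
end

# Returns a list of human-readable findings; empty means the check passed.
def audit(env, production_rb)
  findings = []
  mode = effective_rails_env(env)
  findings << "server would boot in '#{mode}' mode, not production" unless mode == "production"
  if debug_error_pages_enabled?(production_rb)
    findings << "production.rb sets consider_all_requests_local = true"
  end
  findings
end

# Constructed sample input: a host where RAILS_ENV was never exported and a
# production.rb that was edited to show debug pages.
SAMPLE_ENV = { "PATH" => "/usr/bin", "RACK_ENV" => "" }.freeze
SAMPLE_PRODUCTION_RB = <<~RUBY
  Rails.application.configure do
    # config.consider_all_requests_local = false
    config.consider_all_requests_local = true
  end
RUBY

if __FILE__ == $PROGRAM_NAME
  audit(SAMPLE_ENV, SAMPLE_PRODUCTION_RB).each { |f| puts "FINDING: #{f}" }
end
```

In a deployment pipeline, call audit(ENV.to_h, File.read("config/environments/production.rb")) and fail the job when the returned list is not empty.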
