Description

One or more stack traces were identified. The web application has generated an error message that includes sensitive information about its environment, users, or associated data.

The stack trace can disclose potentially sensitive information such as: physical file paths of relevant files, source code fragments, version information of various packages, database information, error messages, ...

Remediation

It's recommended to handle exceptions internally and do not display errors containing potentially sensitive information to a user.

References

Stack Trace Disclosure (RoR) | Invicti

Related Vulnerabilities

WordPress Plugin BackupBuddy Arbitrary File Download (8.7.4.1)

WordPress Plugin WP Intercom-Slack for WordPress Information Disclosure (1.2.1)

WordPress Plugin Page Flip Image Gallery 'book_id' Parameter Remote File Disclosure (0.2.2)

Nginx memory disclosure with specially crafted HTTP backend responses

WordPress Plugin U Extended Comment 'fileurl' Parameter Arbitrary File Download (1.0.1)

Severity

Medium

Classification

CWE-209 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure