Description

The web application uses Whoops component to show information about errors. Such errors may disclosure of sensitive information about the web application.

Remediation

Don't show details of errors to users

References

whoops

Related Vulnerabilities

Ruby Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-10933)

WordPress Plugin WP Easy full backup Information Disclosure (1.4)

WordPress Plugin Advanced Woo Search Information Disclosure (1.99)

WordPress Plugin ApplyOnline-Application Form Builder and Manager Arbitrary File Disclosure (1.9.92)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-2206)

Severity

Low

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Tags

Information Disclosure