Information Disclosure

What does this mean ?

Information leak could expose sensitive data about your application in which attackers may leverage this information to conduct further attacks.

What can happen ?

Attackers can utilize information disclosure concerns in online applications to get important knowledge about a web application's potential flaws, allowing them to construct a more successful attack.

Recommendation

it's recommended to remove debugging statements including print or logging statements/files from the production environment

Sample Code

Ruby

Vulnerable :

config.consider_all_requests_local = true

Non Vulnerable :

config.consider_all_requests_local = false

References

• https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure