Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Python Debugger Unauthorized Access Vulnerability - Vulnerability Database

Python Debugger Unauthorized Access Vulnerability

Description

The web application exposes Python debugpy/ debugger port. It's not recommended to have the server publicly accessible as the debugger has full access to the Python execution environment and an attacker may be able to execute arbitrary python code.

Remediation

Disable debugger or restrict access to it

References

debugpy - a debugger for Python

Related Vulnerabilities

Lucee Unset Admin Password Critical
Common tags: Configuration Code Execution
Symfony ESI (Edge-Side Includes) enabled Low
Common tags: Configuration Code Execution
Struts 2 development mode High
Common tags: Configuration Code Execution
MovableType remote code execution High
Common tags: Configuration Code Execution
Ruby on Rails weak/known secret token High
Common tags: Configuration Code Execution

Severity

High

Classification

CWE-200
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Configuration
Code Execution