Express Development Mode Is Enabled
Severity:
Medium
Summary
Invicti detected that the development mode is enabled in the Express.
Impact
By default, Express applications run in development mode. In development mode, Express returns more verbose errors which can result in information leakage. This also provides an attacker with information about the host system. It's recommended to configure Node.js to run in production mode.
Remediation
Required Skills for Successful Exploitation
Actions To Take
You can signal Node.js that you are running in production by setting the NODE_ENV environment variable like below:
NODE_ENV=production
Classifications
Vulnerability Index
You can search and find all vulnerabilities
Select Category
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Featured resources
Build your resistance to threats. And save hundreds of hours each month.
