Summary #

Invicti detected that the development mode is enabled in the Express.

Impact #

By default, Express applications run in development mode. In development mode, Express returns more verbose errors which can result in information leakage. This also provides an attacker with information about the host system. It's recommended to configure Node.js to run in production mode.

Actions To Take #

You can signal Node.js that you are running in production by setting the NODE_ENV environment variable like below:

Classifications #
CWE-200; ISO27001-A.9.4.1; WASC-14; OWASP 2013-A5; OWASP 2017-A6 , CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Index

Vulnerability Index

You can search and find all vulnerabilities


Search Vulnerability


Dead accurate, fast & easy-to-use Web Application Security Scanner

Get a demo