Summary #

Invicti detected that development mode is enabled in the Express application.

Impact #

By default, Express applications run in development mode. In development mode, Express returns more verbose errors, which can result in information leakage and provide an attacker with information about the host system. It is recommended to configure Node.js to run in production mode.

Actions To Take #

You can signal to Node.js that you are running in production by setting the NODE_ENV environment variable as shown below:

NODE_ENV=production
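
An added example (not Invicti's or Express's own code) of two checks that complement this setting: a startup guard that fails unless `NODE_ENV` is exactly `production`, and an Express-style error middleware that logs details server-side and returns a generic body in any mode. The helper names, the `ref` field and the sample error are assumptions made for illustration.

```javascript
// Added example; helper names are hypothetical, not part of Express.
// Express derives its "env" setting the same way: NODE_ENV if set,
// otherwise "development".
function effectiveEnv(env = process.env) {
  return env.NODE_ENV || 'development';
}

// Startup guard: refuse to boot a deployed service unless NODE_ENV is
// exactly "production". The comparison is an exact string match, so
// values such as "prod" or "Production" do not count.
function assertProduction(env = process.env) {
  const mode = effectiveEnv(env);
  if (mode !== 'production') {
    throw new Error(`NODE_ENV is "${mode}", expected "production"`);
  }
  return mode;
}

// Express-style error middleware (four arguments). The stack trace goes
// to the server log only; the client receives a generic message plus a
// reference an operator can use to find the matching log entry.
let seq = 0;
function safeErrorHandler(log = console.error) {
  return function (err, req, res, next) {
    const ref = `${Date.now().toString(36)}-${++seq}`;
    log({ ref, method: req.method, url: req.url, stack: err.stack });
    if (res.headersSent) return next(err); // response already started
    const status = err.status >= 400 && err.status < 600 ? err.status : 500;
    res.status(status).json({ error: 'Request failed', ref });
  };
}

// Constructed sample: a fake response object and an error whose message
// contains internal host details that must not reach the client.
function demo() {
  const res = {
    headersSent: false,
    status(code) { this.code = code; return this; },
    json(body) { this.body = body; return this; },
  };
  const err = new Error('connect ECONNREFUSED 10.0.0.5:5432');
  safeErrorHandler(() => {})(err, { method: 'GET', url: '/orders' }, res, () => {});
  return { code: res.code, body: res.body };
}

console.log(demo());
```

In an Express application the handler would be registered last, after all routes, with `app.use(safeErrorHandler())`.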

Classifications #

CWE-200; ISO27001-A.9.4.1; WASC-14; OWASP 2013-A5; OWASP 2017-A6; CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N