Spring Boot Misconfiguration: Developer tools enabled on production

Severity: Medium

Invicti detected that the web application is running with spring-boot-devtools enabled. Spring Boot includes an additional set of tools that can make the application development experience a little more pleasant. The spring-boot-devtools module can be included in any project to provide additional development-time features.


Enabling spring-boot-devtools on a remote application is a security risk. You should never enable support on a production deployment.

Actions To Take#

It's recommended to disable spring-boot-devtools. This can be done by removing the spring-boot-devtools dependency from your build automation tool configuration file.


Search Vulnerability

Build your resistance to threats. And save hundreds of hours each month.

Get a demo See how it works