Spring Boot Misconfiguration: Developer tools enabled on production

Severity: Medium
Summary

Invicti detected that the web application is running with spring-boot-devtools enabled. Spring Boot includes an additional set of tools that can make the application development experience a little more pleasant. The spring-boot-devtools module can be included in any project to provide additional development-time features.

Impact

Enabling spring-boot-devtools on a remote application is a security risk. You should never enable support on a production deployment.

Actions To Take

It's recommended to disable spring-boot-devtools. This can be done by removing the spring-boot-devtools dependency from your build automation tool configuration file.
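
One way to confirm the fix on the built artifact, as an added example that is not Invicti's or the Spring project's code: the script inspects a packaged Spring Boot jar or war for a bundled spring-boot-devtools library and for a `spring.devtools.remote.secret` setting, the property that switches on devtools remote support. The function names, archive contents and version numbers are constructed for illustration.

```python
import io
import re
import zipfile

# Library directories used inside Spring Boot executable jars and wars.
LIB_DIRS = ("BOOT-INF/lib/", "WEB-INF/lib/", "WEB-INF/lib-provided/")
DEVTOOLS_JAR = re.compile(r"/spring-boot-devtools-[^/]*\.jar$")
PROPS_FILE = re.compile(r"(^|/)application[^/]*\.properties$")
# Only .properties files are checked here; YAML config is out of scope.
REMOTE_SECRET = re.compile(r"^\s*spring\.devtools\.remote\.secret\s*[=:]", re.M)


def audit_archive(archive):
    """Return (finding, entry) pairs for a packaged jar/war (path or file object)."""
    findings = []
    with zipfile.ZipFile(archive) as zf:
        for name in zf.namelist():
            if name.startswith(LIB_DIRS) and DEVTOOLS_JAR.search(name):
                findings.append(("devtools-jar", name))
            elif PROPS_FILE.search(name):
                text = zf.read(name).decode("utf-8", errors="replace")
                if REMOTE_SECRET.search(text):
                    findings.append(("remote-secret-set", name))
    return findings


def build_sample(with_devtools):
    """Constructed sample archive, built in memory so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("BOOT-INF/lib/spring-boot-3.0.0.jar", b"")
        props = "server.port=8080\n"
        if with_devtools:
            zf.writestr("BOOT-INF/lib/spring-boot-devtools-3.0.0.jar", b"")
            props += "spring.devtools.remote.secret=PLACEHOLDER\n"
        zf.writestr("BOOT-INF/classes/application.properties", props)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for label, flag in (("with devtools", True), ("after removal", False)):
        print(label, audit_archive(build_sample(flag)))
```

Run against the real release artifact in a CI step, a non-empty result means the dependency was not removed from the production build.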
