Spring Boot Misconfiguration: Developer tools enabled on production
Invicti detected that the web application is running with
spring-boot-devtools enabled. Spring Boot includes an additional set of tools that can make the application development experience a little more pleasant. The spring-boot-devtools module can be included in any project to provide additional development-time features.
Enabling spring-boot-devtools on a remote application is a security risk. You should never enable support on a production deployment.
It's recommended to disable spring-boot-devtools. This can be done by removing the
spring-boot-devtools dependency from your build automation tool configuration file.