Stack Trace Disclosure (Laravel)

Severity: Medium
Summary

While analyzing an HTTP response, Invicti identified a stack trace that was exposed by the Laravel framework due to a misconfiguration.

Impact

An attacker can obtain information such as:

  • Function names
  • Filenames
  • Physical file paths of relevant files
  • Function parameters

This information might help an attacker learn more about the target system and potentially focus on developing further attacks against it.

Remediation

Change your config/app.php file to disable debug mode, which is responsible for the visible stack traces:
'debug' => (bool) env('APP_DEBUG', false)
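
The `false` in that line is only a default: `env()` returns it when APP_DEBUG is unset, so an `APP_DEBUG=true` left in the deployed `.env` file still turns debug mode on. The following deploy-time check is an added example, not Invicti's or Laravel's code; the function names are hypothetical, it assumes `config/app.php` and `.env` sit under one application directory, and it treats any APP_DEBUG value that is not clearly false-like as enabled.

```shell
#!/bin/sh
# Added example: deploy-time gate for Laravel debug mode. Function names are hypothetical.

# Succeeds only if config/app.php reads APP_DEBUG through env() with a false default.
config_default_off() {
    grep -Eq "'debug'[ ]*=>[ ]*(\(bool\)[ ]*)?env\('APP_DEBUG',[ ]*false\)" "$1"
}

# Succeeds only if no APP_DEBUG assignment in the .env file could evaluate to true.
# Conservative: any value that is not clearly false-like counts as "debug on".
env_debug_off() {
    tr -d "\"'" < "$1" | awk '
        /^[ \t]*(export[ \t]+)?APP_DEBUG[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)      # keep only the value
            sub(/[ \t]+#.*$/, "", v)         # drop an inline comment
            sub(/[ \t\r]+$/, "", v)          # drop trailing whitespace / CR
            v = tolower(v)
            if (v != "" && v !~ /^(0|false|\(false\)|null|\(null\)|empty|\(empty\))$/) bad = 1
        }
        END { exit bad + 0 }'
}

# Gate for an application directory: both checks must pass.
laravel_debug_gate() {
    config_default_off "$1/config/app.php" && env_debug_off "$1/.env"
}

# Constructed sample: a safe config default overridden by a leftover development .env.
demo=$(mktemp -d)
mkdir -p "$demo/config"
printf "%s\n" "<?php return [" "    'debug' => (bool) env('APP_DEBUG', false)," "];" > "$demo/config/app.php"
printf 'APP_ENV=production\nAPP_DEBUG=true\n' > "$demo/.env"
if laravel_debug_gate "$demo"; then echo "debug off"; else echo "debug ON: fix .env"; fi
rm -rf "$demo"
```

If the application uses Laravel's configuration cache, rebuild it with `php artisan config:cache` after changing either file so the new value takes effect.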
