Whoops Error Handler Framework Detected

Severity: Information

Invicti detected that the Whoops is enabled and configured to show verbose error messages.

This vulnerability can cause highly sensitive data leaks.


The Whoops Error Handler Framework shows verbose error messages in a convenient format. These error messages may contain:

  • Stack Traces
  • Internal Source Code
  • Environment Variables
  • Physical path of the requested file

Some of this data can be highly sensitive and should not be displayed outside of a debugging context.

Invicti Logo

Dead accurate, fast & easy-to-use Web Application Security Scanner

Get a demo