MEDIUM | CWE-489 | Configuration

Debug Mode Enabled in Production

Description

Debug or development mode is enabled in production, exposing detailed error pages, stack traces, and configuration information.

How Vezraa Detects It

We trigger errors on your app (e.g., invalid URL, missing parameter) and check whether the responses leak stack traces or debug info.

Real-World Impact

Detailed error pages leak file paths, database schemas, library versions, and configuration — all useful for further attacks.

Fix Example

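// Next.js: set NODE_ENV=production
// Express: disable stack traces
const express = require('express');
const app = express();
app.set('env', 'production');
// Register this handler after all routes and other middleware.
app.use((err, req, res, next) => {
  console.error(err); // keep the details in the server log only
  res.status(500).send('Internal Server Error');
});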
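
To confirm the fix, the kind of check described under "How Vezraa Detects It" can be approximated in a regression test against your own app's error responses. This is an added example, not Vezraa's scanner code and not part of the original page; the marker list, function names and sample responses are constructed assumptions and the patterns are not exhaustive.

```javascript
// Illustrative markers of debug output in an HTTP error body (assumed, non-exhaustive).
const DEBUG_MARKERS = [
  // V8 stack frame, e.g. "at getUser (/srv/app/routes/user.js:14:22)"
  { name: 'node-stack-frame', re: /\bat\s.*\.(?:[cm]?js|tsx?):\d+:\d+/ },
  // Dependency paths reveal the install layout and libraries in use
  { name: 'node-modules-path', re: /node_modules[\\/]/ },
  // Python traceback header
  { name: 'python-traceback', re: /Traceback \(most recent call last\)/ },
  // Django's debug error page states the setting that produced it
  { name: 'django-debug-page', re: /DEBUG\s*=\s*True/ },
];

// Returns the names of all markers found in a response body.
function findDebugLeaks(body) {
  return DEBUG_MARKERS.filter((m) => m.re.test(body)).map((m) => m.name);
}

// Evaluates one probe result: an error response (status >= 400) must carry no markers.
function checkErrorResponse({ status, body }) {
  const leaks = status >= 400 ? findDebugLeaks(String(body)) : [];
  return { status, leaks, ok: leaks.length === 0 };
}

// Constructed sample responses (not captured from any real application).
const SAMPLES = {
  leakyExpress: {
    status: 500,
    body: "TypeError: Cannot read properties of undefined (reading 'id')\n" +
      '    at getUser (/srv/app/routes/user.js:14:22)\n' +
      '    at Layer.handle (/srv/app/node_modules/express/lib/router/layer.js:95:5)',
  },
  leakyDjango: {
    status: 404,
    body: "<p>You're seeing this error because you have <code>DEBUG = True</code> " +
      'in your Django settings file.</p>',
  },
  hardened: { status: 500, body: 'Internal Server Error' },
};

for (const [name, resp] of Object.entries(SAMPLES)) {
  const result = checkErrorResponse(resp);
  console.log(name, result.ok ? 'OK' : `LEAK: ${result.leaks.join(', ')}`);
}
```

In a test suite, feed `checkErrorResponse` the status and body your app returns for a deliberately invalid request in a production-configured build, and fail the build when `ok` is false.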

Affected Stacks

Next.js, Express, Django, All frameworks
