MEDIUM | CWE-489 | Configuration
Debug Mode Enabled in Production
Description
Debug or development mode is enabled in production, exposing detailed error pages, stack traces, and configuration information.
How Vezraa Detects It
We trigger errors on your app (e.g., invalid URL, missing parameter) and check if stack traces or debug info is leaked.
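A check of this kind can be run over error responses collected from your own application. This is an added example, not Vezraa's scanner code; the indicator names, patterns and sample bodies are constructed for illustration.

```javascript
// Added example: indicator names and sample bodies are constructed for illustration.
const INDICATORS = [
  // V8 stack frame, e.g. "at getUser (/srv/app/routes/user.js:42:13)"
  { name: 'node-stack-frame', re: /\bat [^\n<]*?[\w.\/\\-]+\.(?:js|mjs|cjs|ts):\d+:\d+/ },
  // Python traceback header or frame line
  { name: 'python-traceback', re: /Traceback \(most recent call last\)|File "[^"]+\.py", line \d+/ },
  // Django's debug error page names the setting that produced it
  { name: 'django-debug-page', re: /DEBUG\s*=\s*True/ },
  // Absolute server-side path (common POSIX roots or a Windows drive)
  { name: 'absolute-path', re: /(?:^|[\s("'>])(?:\/(?:srv|var|home|usr|opt|app)\/[\w.\/-]+|[A-Za-z]:\\[\w.\\-]+)/m },
];

// HTML error pages encode whitespace; undo that so line-based patterns match.
function normalise(body) {
  return String(body).replace(/&nbsp;/g, ' ').replace(/<br\s*\/?>/gi, '\n');
}

// Names of every indicator found in one response body.
function findDebugLeaks(body) {
  const text = normalise(body);
  return INDICATORS.filter(({ re }) => re.test(text)).map(({ name }) => name);
}

// Keep only the probes whose response leaked something.
function auditResponses(responses) {
  return responses
    .map(({ probe, status, body }) => ({ probe, status, leaks: findDebugLeaks(body) }))
    .filter((r) => r.leaks.length > 0);
}

// Constructed responses to error-triggering requests against your own app.
const SAMPLES = [
  { probe: 'GET /users/not-a-number', status: 500,
    body: '<pre>Error: boom<br> &nbsp; &nbsp;at getUser (/srv/app/routes/user.js:42:13)</pre>' },
  { probe: 'GET /api/orders (missing id)', status: 500,
    body: '<h1>KeyError at /api/orders</h1>\nTraceback (most recent call last):\n' +
          '  File "/opt/shop/orders/views.py", line 18, in detail\n' +
          '<p>You\'re seeing this error because you have <code>DEBUG = True</code></p>' },
  { probe: 'GET /missing', status: 500, body: 'Internal Server Error' },
];

for (const r of auditResponses(SAMPLES)) {
  console.log(`${r.status} ${r.probe}: ${r.leaks.join(', ')}`);
}
```

The third sample is the generic body a production error handler should return, and it produces no findings.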
Real-World Impact
Detailed error pages leak file paths, database schemas, library versions, and configuration — all useful for further attacks.
Fix Example
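// Next.js: set NODE_ENV=production
// Express: disable stack traces
const express = require('express');
const app = express();

app.set('env', 'production');

// Register after all routes: log the error server-side, return a generic body
app.use((err, req, res, next) => {
  console.error(err);
  res.status(500).send('Internal Server Error');
});
Affected Stacks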
Next.js, Express, Django, All frameworks