Werkzeug Debugger Exposure

Werkzeug debugger is a useful interactive tool for introspective running Python web applications. The debugger allows the execution of arbitrary code. Therefore it must never be used on production machines.

Impact

Attackers may access the debugger to execute arbitrary code into the web application.

Solution

Ensure that the debugger is turned off in production environments.

References

• https://werkzeug.palletsprojects.com/en/2.0.x/debug/