Description

The web application exposes Python debugpy/ debugger port. It's not recommended to have the server publicly accessible as the debugger has full access to the Python execution environment and an attacker may be able to execute arbitrary python code.

Remediation

Disable debugger or restrict access to it

References

debugpy - a debugger for Python

Related Vulnerabilities

ReviveAdserver Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9129)

WordPress Plugin Email Subscribers by Icegram Express-Email Marketing, Newsletters, Automation for WordPress & WooCommerce Information Disclosure (3.4.7)

WordPress Plugin Contact Form 7 Database Information Disclosure (1.3)

Unrestricted access to AnythingLLM API

WordPress 5.5.x Multiple Vulnerabilities (5.5 - 5.5.3)

Severity

High

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Configuration Code Execution