Detect when Debug=True for Werkzeug servers
Registered by
Kevin London
Patreon was just hacked and it sounds like, from this blog post, the activity can be traced to leaving debug=True on their Werkzeug-based server. When it is enabled, it potentially allows for RCE through the browser.
http://
http://
Blueprint information
- Status:
- Complete
- Approver:
- None
- Priority:
- Undefined
- Drafter:
- Kevin London
- Direction:
- Needs approval
- Assignee:
- None
- Definition:
- New
- Series goal:
- None
- Implementation:
- Implemented
- Milestone target:
- None
- Started by
- Travis McPeak
- Completed by
- Travis McPeak
Related branches
Related bugs
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Add check for Flask app debug=True usage
(?)