H3-2022-0039¶

Golang pprof Debugging Endpoint Enabled

Description¶

Golang’s net/http/pprof package can expose sensitive debugging information if enabled in a production environment.

Impact¶

Sensitive environment information may be leaked to attackers allowing for further exploitation.

References¶

• Your pprof is showing
• GO Documentation
• CWE-215: Insertion of Sensitive Information Into Debugging Code