SiteShadow
Back to vulnerability library
Detected byRegex rules + pattern checksFree

E01 Verbose Error Handling

What this means

SiteShadow flagged responses/logging that may expose too much internal detail to end users (stack traces, file paths, SQL errors, secrets, internal hostnames).

Why it matters

Verbose errors can leak stack traces, file paths, or sensitive data.

Safer examples

1) Return safe error messages to clients

res.status(500).json({ error: "Something went wrong", code: "INTERNAL_ERROR" });

2) Log details server-side (with redaction)

3) Disable debug in production

Ensure framework "debug mode" is off in prod (see C01 / A05).

How SiteShadow detects it (high level)

References

---

← Back to Vulnerability Library

Catch this in your code with the free tier.

SiteShadow's free tier covers this exact pattern across the 23 OWASP Top 10 single-file checks. Sign in with your work SSO, first-time sign-in auto-issues your free license.