Skip to content

Security Test: Exposed Source Map

Description

Default Severity:

Exposed source maps can turn a helpful debugging tool into a security risk. They act like shine-a-light guides that map your neat, minified production code back to the messy, original version. This means if they're left accessible, attackers can use them to see all the inner workings of your app, often revealing hidden logic and vulnerabilities you'd rather keep secret. The common mistake is forgetting to remove or secure these files after development, leaving an open door for potential exploitation.

Configuration

Identifier: frontend_information_disclosure/exposed_sourcemap

Examples

All configuration available:

checks:
  frontend_information_disclosure/exposed_sourcemap:
    skip: false # default

Compliance and Standards

Standard Value
OWASP API Top 10 API8:2023
OWASP LLM Top 10 LLM06:2023
PCI DSS 6.5.8
GDPR Article-32
SOC2 CC9
PSD2 Article-95
ISO 27001 A.14.2
NIST SP800-44
FedRAMP AC-22
CWE 200
CVSS Vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS Score 5.3