In an internal security check, a medium-risk vulnerability was found in pushgetway, which was confirmed to be http://x.x.x.x:9091/debug/pprof related information.
According to the introduction may indeed generate some risks
https://www.farsightsecurity.com/blog/txt-record/go-remote-profiling-20161028/
http://mmcloughlin.com/posts/your-pprof-is-showing
Consider setting a switch to disable the relevant functionality when necessary
Thanks
In an internal security check, a medium-risk vulnerability was found in pushgetway, which was confirmed to be http://x.x.x.x:9091/debug/pprof related information.
According to the introduction may indeed generate some risks
https://www.farsightsecurity.com/blog/txt-record/go-remote-profiling-20161028/
http://mmcloughlin.com/posts/your-pprof-is-showing
Consider setting a switch to disable the relevant functionality when necessary
Thanks