Fix guide · medium · verbose_error_stack_trace
Stack trace returned in response to an unknown URL
What this rule means
Hitting a non-existent path returned a stack trace in the response body.
Why it matters
Reveals server-side framework, internal file paths, and library versions. Each piece of information narrows the attacker's exploit search.
How to fix it
Configure error pages:
- Production framework setting: every framework has one. Express:
app.set('env', 'production'). Django:DEBUG = False. Rails:config.consider_all_requests_local = false. .NET:<customErrors mode="On">. - Custom 404/500 templates that return a generic message without internal details.
- Log the stack server-side (you still need it for debugging) — just don't put it in the response body.
Did vibecheck flag this on your app?
If you reached this page from a vibecheck inspection report, the redacted match in your scan output is the exact string we found in your bundle. After applying the fix above, run the inspection again — the finding should clear.
Run another inspection