Context-Inappropriate Capability
Low
- Confidence
- 94% confidence
- Finding
- The guide suggests enabling net/http/pprof and starting an HTTP server on :6060 without any warning about restricting access. Exposed profiling endpoints can leak sensitive runtime details, request patterns, goroutine stacks, memory contents, and internal topology, which can materially aid attackers during reconnaissance or incident escalation.
