Information Leakage / Source Map Code Leak
The risk associated with Source Map Code Leak is high because exposed source maps can leak sensitive information, including but not limited to application source code, API keys, and passwords. An attacker can use this information to gain access to the application, launch an attack, or steal user data.
The solution to Source Map Code Leak is to ensure that source maps are not exposed in the production environment. This can be accomplished by adding appropriate checks and validations in the application code so that source maps are only made available in the development environment. Additionally, source maps should be removed from the production environment as soon as development is complete.
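One way to enforce this at release time, as an added example that is not from the original page: a Node.js check over the files of a production bundle that reports `.map` files, `sourceMappingURL` references and inline maps. The function names, the `dist` path and the sample bundle are assumptions constructed for illustration.

```javascript
// Added example: audit a deployable bundle for source map exposure.
// Matches "//# sourceMappingURL=..." and "/*# sourceMappingURL=... */" comments.
const MAP_COMMENT = /[#@]\s*sourceMappingURL=(\S+)/g;

// files: array of { path, text } for every file that will be published.
function auditBundle(files) {
  const findings = [];
  for (const { path, text } of files) {
    if (path.endsWith('.map')) {
      let embedded = false;
      try {
        // sourcesContent carries the original source text inside the map.
        const sc = JSON.parse(text).sourcesContent;
        embedded = Array.isArray(sc) && sc.some((s) => typeof s === 'string');
      } catch { /* not valid JSON: still report the file */ }
      findings.push({ path, issue: embedded ? 'map-with-sources' : 'map-file' });
      continue;
    }
    if (!/\.(js|mjs|cjs|css)$/.test(path)) continue;
    for (const m of text.matchAll(MAP_COMMENT)) {
      const inline = m[1].startsWith('data:');
      findings.push({ path, issue: inline ? 'inline-map' : 'map-reference' });
    }
  }
  return findings;
}

// Reads a build directory from disk (the directory name is an assumption, e.g. "dist").
async function readBundle(dir) {
  const { readdir, readFile } = await import('node:fs/promises');
  const out = [];
  for (const e of await readdir(dir, { withFileTypes: true })) {
    const p = `${dir}/${e.name}`;
    if (e.isDirectory()) out.push(...(await readBundle(p)));
    else if (e.isFile()) out.push({ path: p, text: await readFile(p, 'utf8') });
  }
  return out;
}

// Constructed sample bundle, not taken from any real application.
const SAMPLE = [
  { path: 'dist/app.js', text: 'console.log(1);\n//# sourceMappingURL=app.js.map\n' },
  { path: 'dist/app.js.map', text: '{"version":3,"sources":["src/app.js"],"sourcesContent":["const k=1;"],"mappings":""}' },
  { path: 'dist/vendor.js', text: 'var a=1;' },
  { path: 'dist/style.css', text: 'a{}\n/*# sourceMappingURL=data:application/json;base64,e30= */' },
];
console.log(auditBundle(SAMPLE));
```

In a release pipeline, `auditBundle(await readBundle('dist'))` can gate the deploy step by failing the job whenever the returned list is non-empty.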
The following is an example of Source Map Code Leak from CVE-2020-7140. The vulnerability exists in an iOS application that has a source map file that contains the source code of the application and is accessible to the public.