CVE-2022-0451

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-0451
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0451.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-0451
Published
2022-02-18T14:15:07Z
Modified
2025-01-15T02:14:27.061757Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Dart SDK contains the HTTPClient in dart:io library whcih includes authorization headers when handling cross origin redirects. These headers may be explicitly set and contain sensitive information. By default, HttpClient handles redirection logic. If a request is sent to example.com with authorization header and it redirects to an attackers site, they might not expect attacker site to receive authorization header. We recommend updating the Dart SDK to version 2.16.0 or beyond.

References

Affected packages

Git / github.com/dart-lang/sdk

Affected ranges

Type
GIT
Repo
https://github.com/dart-lang/sdk
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

analyzer-0.*

analyzer-0.31.0
analyzer-0.31.0+1
analyzer-0.31.1
analyzer-0.31.2-alpha.0
analyzer-0.31.2-alpha.1
analyzer-0.31.2-alpha.2
analyzer-0.32.0
analyzer-0.32.4
analyzer-0.33.0

Other

merge_analyzer_branch

meta-v1.*

meta-v1.3.0-nullsafety.1
meta-v1.3.0-nullsafety.2